Dell PowerConnect W
AirWave
Version 7.1
User Guide
Copyright
© 2010 Aruba Networks, Inc. AirWave®, Aruba Networks®, Aruba Mobi
lity Management System®, and other registered marks are
trademarks of Aruba Networks, Inc. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc.
All rights reserved. Specifications in this manual are subject to change without notice.
Originated in the USA. Any other trademarks appearing in this manual are the property of their respective companies.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU
General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code
used can be found at this site:
http://www.arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, b
y all individuals or corporations, to terminate other vendors' VPN
client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba
Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those
vendors.
Dell PowerConnect W AirWave 7.1 | User Guide 0510823-02 | December 2010
Contents
Preface.....................................................................................................................................................................11
Document Organization................................................................................................................... 11
Notice Icons ...................................................................................................................................... 12
Contacting Support .........................................................................................................................12
Chapter 1 Introduction ........................................................................................................................13
AWMS—A Unified Wireless Network Command Center.......................................................... 13
AirWave Management Platform™ ........................................................................................13
Dell PowerConnect W Configuration .................................................................................... 14
VisualRF™.................................................................................................................................. 14
RAPIDS™ ................................................................................................................................... 14
Master Console and Failover.................................................................................................. 15
Integrating AWMS into the Network and Organizational Hierarchy....................................... 15
Chapter 2 Installing AWMS................................................................................................................17
AWMS Hardware Requirements and Installation Media.......................................................... 17
Installing Linux CentOS 5 (Phase 1)............................................................................................... 17
Installing AWMS Software (Phase 2) ...........................................................................................18
Getting Started.......................................................................................................................... 18
Step 1: Configuring Date and Time, Checking for Prior Installations .............................. 18
Date and Time...................................................................................................................18
Previous AWMS Installations ........................................................................................ 19
Step 2: Installing AWMS Software, Including AWMS....................................................... 19
Step 3: Checking the AWMS Installation .............................................................................19
Step 4: Assigning an IP Address to the AWMS System ....................................................19
Step 5: Naming the AWMS Network Administration System ........................................... 20
Step 6: Assigning a Host Name to the AWMS .................................................................... 20
Step 7: Changing the Default Root Password...................................................................... 21
Completing the Installation .....................................................................................................21
Configuring and Mapping Port Usage for AWMS....................................................................... 21
AWMS Navigation Basics ..............................................................................................................22
Status Section........................................................................................................................... 23
Navigation Section................................................................................................................... 23
Activity Section......................................................................................................................... 25
Help Links in the GUI................................................................................................................26
Common List Settings ..............................................................................................................26
Buttons and Icons ....................................................................................................................27
Getting Started with AWMS ........................................................................................................... 29
Completing Initial Login ........................................................................................................... 29
Chapter 3 Configuring AWMS............................................................................................................31
Before You Begin.............................................................................................................................. 31
Formatting the Top Header ............................................................................................................. 31
Customizing Columns in Lists .........................................................................................................33
Resetting Pagination Records........................................................................................................ 34
Using the Pagination Widget.......................................................................................................... 34
Dell PowerConnect W AirWave 7.1 | User Guide | 3
Using CSV Export for Lists and Reports........................................................................................ 35
Defining Graph Display Preferences............................................................................................. 35
Customizing the Overview Subtab Display................................................................................... 36
Customized Search ..........................................................................................................................38
Setting Severe Alert Warning Behavior ....................................................................................... 38
Defining General AWMS Server Settings .................................................................................... 39
What Next?................................................................................................................................ 46
Defining AWMS Network Settings................................................................................................ 47
What Next?................................................................................................................................ 48
Creating AWMS Users ....................................................................................................................48
What Next?................................................................................................................................ 50
Creating AWMS User Roles ...........................................................................................................50
What Next?................................................................................................................................ 52
Enabling AWMS to Manage Your Devices ..................................................................................52
Configuring Communication Settings for Discovered Devices ........................................ 53
Loading Device Firmware onto AWMS (Optional).............................................................. 58
Overview of the Device Setup > Upload Files Page ................................................... 58
Loading Firmware Files to AWMS................................................................................. 59
Using Web Auth Bundles in AWMS.............................................................................. 60
Configuring TACACS+ and RADIUS Authentication ................................................................... 62
Configuring TACACS+ Authentication ..................................................................................62
What Next?................................................................................................................................ 63
Configuring RADIUS Authentication and Authorization .................................................... 64
Integrating a RADIUS Accounting Server............................................................................ 65
What Next?................................................................................................................................ 65
Configuring Cisco WLSE and WLSE Rogue Scanning................................................................ 66
Introduction to Cisco WLSE.................................................................................................... 66
Configuring WLSE Initially in AWMS ....................................................................................66
Adding an ACS Server for WLSE ...................................................................................67
Enabling Rogue Alerts for Cisco WLSE ........................................................................67
Configuring WLSE to Communicate with APs .............................................................67
Discovering Devices........................................................................................................ 67
Managing Devices ........................................................................................................... 67
Inventory Reporting .........................................................................................................68
Defining Access ...............................................................................................................68
Grouping ............................................................................................................................68
Configuring IOS APs for WDS Participation ........................................................................68
WDS Participation............................................................................................................ 68
Primary or Secondary WDS ...........................................................................................68
Configuring ACS for WDS Authentication............................................................................ 69
Configuring Cisco WLSE Rogue Scanning ........................................................................... 69
What Next?................................................................................................................................ 70
Configuring ACS Servers................................................................................................................. 71
What Next?................................................................................................................................ 72
Integrating AWMS with an Existing Network Management Solution (NMS) ........................ 73
What Next?................................................................................................................................ 74
Auditing PCI Compliance on the Network.................................................................................... 74
Introduction to PCI Requirements .........................................................................................74
PCI Auditing in the AWMS Interface ....................................................................................75
Enabling or Disabling PCI Auditing........................................................................................ 76
What Next?................................................................................................................................ 77
Deploying WMS Offload.................................................................................................................. 77
Overview of WMS Offload in AWMS .................................................................................... 77
General Configuration Tasks Supporting WMS Offload in AWMS.................................. 78
4 | Dell PowerConnect W AirWave 7.1 | User Guide
Additional Information Supporting WMS Offload ............................................................... 78
Chapter 4 Configuring and Using Device Groups in AWMS.........................................................79
AWMS Group Overview ..................................................................................................................80
Viewing All Defined Device Groups ......................................................................................81
Editing Columns on the Groups > List Page and Additional Pages .................................. 82
Configuring Basic Group Settings .................................................................................................83
What Next?................................................................................................................................ 90
Configuring Group Security Settings.............................................................................................91
Configuring Group SSIDs and VLANs ...........................................................................................94
Adding and Configuring Group AAA Servers............................................................................... 98
Configuring Radio Settings for Device Groups.......................................................................... 100
An Overview of Cisco WLC Configuration.................................................................................. 106
Accessing Cisco WLC Configuration ..................................................................................106
Navigating Cisco WLC Configuration.................................................................................. 106
Configuring WLANs for Cisco WLC Devices.............................................................................. 107
Defining and Configuring LWAPP AP Groups for Cisco Devices ................................... 109
Viewing and Creating AP Groups ........................................................................................109
Configuring Cisco Controller Settings......................................................................................... 110
Configuring Wireless Parameters for Cisco Controllers.......................................................... 110
Configuring Security Parameters and Functions ...................................................................... 110
Configuring Management Settings for Cisco ............................................................................ 111
Configuring Group PTMP/WiMAX Settings ...............................................................................112
Configuring Proxim Mesh Radio Settings................................................................................... 116
Configuring Group MAC Access Control Lists........................................................................... 118
Specifying Minimum Firmware Versions for APs in a Group.................................................. 119
Comparing Device Groups ............................................................................................................ 120
Deleting a Group............................................................................................................................. 121
Changing Multiple Group Configurations ................................................................................... 121
Modifying Multiple Devices.......................................................................................................... 122
Using Global Groups for Group Configuration ........................................................................... 125
Chapter 5 Discovering, Adding, and Managing Devices.............................................................127
Device Discovery Overview.......................................................................................................... 127
Discovering and Adding Devices................................................................................................. 127
SNMP/HTTP Scanning ..........................................................................................................128
Adding Networks for SNMP/HTTP Scanning............................................................ 128
Adding Credentials for SNMP/HTTP Scanning......................................................... 129
Defining a SNMP/HTTP Scan Set................................................................................ 130
Running a Scan Set........................................................................................................ 131
What Next?...................................................................................................................... 133
Enabling Cisco Discovery Protocol (CDP) .......................................................................... 134
Assigning Devices to AWMS from APs/Devices > New Page ....................................... 134
Manually Adding Individual Devices .................................................................................. 136
Adding Devices with the Device Setup > Add Page ................................................ 136
Adding Multiple Devices from a CSV File................................................................... 139
Adding Universal Devices............................................................................................. 140
Assigning Devices to the Ignored Page .............................................................................141
Monitoring Devices........................................................................................................................ 142
Viewing Device Monitoring Statistics ................................................................................ 142
Understanding the APs/Devices > Monitor Pages for All Device Types ...................... 146
Monitoring Data Specific to Wireless Devices......................................................... 148
Dell PowerConnect W AirWave 7.1 | User Guide | 5
Monitoring Data Specific to Wired Devices (Routers and Switches)................... 153
Understanding the APs/Devices > Interfaces Page......................................................... 154
What Next?.............................................................................................................................. 155
Auditing Device Configuration .............................................................................................156
Using Device Folders (Optional) .......................................................................................... 157
Configuring and Managing Devices............................................................................................ 158
Moving a Device from Monitor Only to Manage Read/Write Mode.............................. 158
Configuring AP Settings ........................................................................................................159
Configuring Device Interfaces for Cisco Catalyst Switches ........................................... 165
Configuring Cisco Router and Switch Interface Settings................................................ 169
Individual Device Support and Firmware Upgrades ........................................................ 169
Troubleshooting a Newly Discovered Device with Down Status .......................................... 172
Chapter 6 Creating and Using Templates ......................................................................................175
Group Templates ............................................................................................................................175
Supported Device Templates ............................................................................................... 175
Template Variables ................................................................................................................176
Viewing and Adding Templates ...................................................................................................177
Configuring General Template Files and Variables .................................................................. 181
Configuring General Templates ...........................................................................................181
IOS Configuration File Template: ................................................................................. 182
Device Configuration File on APs/Devices > Audit Configuration Page ...............182
Using Template Syntax.......................................................................................................... 183
Using Directives to Eliminate Reporting of Configuration Mismatches ........................ 183
Ignore_and_do_not_push Command ......................................................................... 183
Push_and_exclude Command .....................................................................................183
Using Conditional Variables in Templates ......................................................................... 184
Using Substitution Variables in Templates ........................................................................184
Using AP-Specific Variables ................................................................................................185
Configuring Cisco IOS Templates ................................................................................................ 186
Applying Startup-config Files ............................................................................................... 186
WDS Settings in Templates .................................................................................................. 186
SCP Required Settings in Templates .................................................................................. 187
Supporting Multiple Radio Types via a Single IOS Template ......................................... 187
Configuring Single and Dual-Radio APs via a Single IOS Template ..............................188
Configuring Cisco Catalyst Switch Templates........................................................................... 188
Configuring Symbol Controller / HP WESM Templates............................................................ 188
Configuring a Global Template..................................................................................................... 191
Chapter 7 Using RAPIDS and Rogue Classification .....................................................................195
Overview Tab ..................................................................................................................................195
List..................................................................................................................................................... 197
Viewing Ignored Rogue Devices ......................................................................................... 201
Using RAPIDS Workflow to Process Rogue Devices....................................................... 201
RAPIDS Setup .................................................................................................................................202
Basic Configuration................................................................................................................ 202
Containment Options..............................................................................................................203
Additional Settings................................................................................................................. 204
RAPIDS Rules.................................................................................................................................. 204
Controller Classification with WMS Offload...................................................................... 205
Device OUI Score ................................................................................................................... 205
Rogue Device Threat Level................................................................................................... 206
Viewing and Configuring RAPIDS Rules............................................................................. 206
Deleting or Editing a Rules............................................................................................ 210
Recommended RAPIDS Rules.............................................................................................. 210
6 | Dell PowerConnect W AirWave 7.1 | User Guide
Using RAPIDS Rules with Additional AWMS Functions.................................................. 210
Score Override................................................................................................................................ 210
Audit Log ..........................................................................................................................................212
Additional Rogue Device Resources........................................................................................... 212
Additional Security-Related Topics .................................................................................... 212
Chapter 8 Performing Daily Administration in AWMS.................................................................213
Overview of Triggers and Alerts .......................................................................................... 213
Viewing Triggers..................................................................................................................... 213
Creating New Triggers ..........................................................................................................214
Setting Triggers for Devices......................................................................................... 216
Setting Triggers for Radios........................................................................................... 218
Setting Triggers for Discovery ..................................................................................... 220
Setting Triggers for Users............................................................................................. 221
Setting Triggers for RADIUS Authentication Issues ................................................ 222
Setting Triggers for IDS Events.................................................................................... 223
Setting Triggers for AWMS Health .............................................................................225
Delivering Triggered Alerts................................................................................................... 225
Viewing Alerts.........................................................................................................................226
Responding to Alerts.............................................................................................................. 227
Monitoring and Supporting WLAN Users................................................................................... 228
Overview of the Users Pages ............................................................................................... 228
Monitoring WLAN Users With the Users > Connected and Users > All Pages ........... 229
Supporting Guest WLAN Users With the Users > Guest Users Page ...........................231
Supporting Users on Thin AP Networks With the Users > Tags Page.......................... 233
Evaluating and Diagnosing User Status and Issues................................................................. 234
Evaluating User Status with the Users > User Detail Page............................................. 234
Using the Deauthenticate User Feature ............................................................................. 235
Evaluating User Status with the Users > Diagnostics Page ........................................... 235
Introduction and Overview of the Diagnostics Page ............................................... 235
Supporting AWMS Stations with the Master Console............................................................. 239
Adding a Managed AMP with the Master Console.......................................................... 239
Monitoring and Supporting AWMS with the Home Pages...................................................... 241
Monitoring AWMS with the Home > Overview Page....................................................... 241
Viewing and Updating License Information with the Home > License Page ...............245
Searching AWMS with the Home > Search Page ............................................................ 246
Accessing AWMS Documentation with the Home > Documentation Page ................ 247
Configuring Your Own User Information with the Home > User Info Page .................. 248
Monitoring and Supporting AWMS with the System Pages................................................... 249
Using the System > Status Page.......................................................................................... 251
Using the System > Event Logs Page.................................................................................. 252
Using the System > Configuration Change Jobs Page .................................................... 253
Using the System > Performance Page.............................................................................. 254
Upgrading AWMS ..........................................................................................................................256
Upgrade Instructions ............................................................................................................. 256
Upgrading Without Internet Access ...................................................................................256
Backing Up AWMS ........................................................................................................................256
Overview of Backups............................................................................................................. 256
Viewing and Downloading Backups ...................................................................................257
Running Backup on Demand ................................................................................................ 257
Restoring from a Backup....................................................................................................... 257
AWMS Failover............................................................................................................................... 258
Navigation Section of AWMS Failover....................................................................... 258
Adding Watched AWMS Stations ....................................................................................... 258
Dell PowerConnect W AirWave 7.1 | User Guide | 7
Chapter 9 Creating, Running, and Emailing Reports ....................................................................261
Overview of AWMS Reports......................................................................................................... 261
Reports > Definitions Page Overview .................................................................................261
Reports > Generated Page Overview ................................................................................. 263
Using Daily Reports........................................................................................................................ 264
Viewing Generated Reports ................................................................................................. 264
Using Custom Reports ...........................................................................................................265
Using the Capacity Planning Report ................................................................................... 266
Using the Configuration Audit Report .................................................................................267
Using the Device Summary Report ..................................................................................... 268
Using the Device Uptime Report.......................................................................................... 271
Using the IDS Events Report ................................................................................................ 272
Using the Inventory Report ................................................................................................... 273
Using the Memory and CPU Usage Report ........................................................................ 274
Using the Network Usage Report........................................................................................ 276
Using the New Rogue Devices Report ............................................................................... 277
Using the New Users Report ................................................................................................ 280
Using the PCI Compliance Report ....................................................................................... 281
Using the Port Usage Report................................................................................................ 282
Using the RADIUS Authentication Issues Report .............................................................284
Using the Rogue Containment Audit Report ......................................................................284
Using the User Session Report ............................................................................................285
Defining Reports ............................................................................................................................. 289
Emailing and Exporting Reports ................................................................................................... 292
Emailing Reports in General Email Applications ............................................................... 292
Emailing Reports to Smarthost............................................................................................. 292
Exporting Reports to XML or CSV ........................................................................................ 293
Transferring Reports Using FTP........................................................................................... 293
Chapter 10 Using the AWMS Helpdesk............................................................................................295
AWMS Helpdesk Overview ..........................................................................................................295
Monitoring Incidents with Helpdesk ........................................................................................... 296
Creating a New Incident with Helpdesk..................................................................................... 297
Creating New Snapshots or Incident Relationships................................................................. 298
Using the Helpdesk Tab with an Existing Remedy Server....................................................... 299
Appendix A Package Management for AWMS................................................................................303
Yum for AWMS ...............................................................................................................................303
Appendix B Third-Party Security Integration for AWMS ...............................................................305
Bluesocket Integration .................................................................................................................. 305
Bluesocket Configuration .............................................................................................305
ReefEdge Integration ..................................................................................................................... 305
ReefEdge Configuration ................................................................................................306
HP ProCurve 700wl Series Secure Access Controllers Integration ......................................306
Example Network Configuration .......................................................................................... 306
HP ProCurve 700wl Series Configuration........................................................................... 306
Appendix C Access Point Notes .........................................................................................................309
Resetting Cisco (VxWorks) Access Points................................................................................. 309
Connecting to the AP ............................................................................................................. 309
Determining the Boot-Block Version ..................................................................................310
Resetting the AP (for Boot-Block Versions from 1.02 to 11.06)....................................... 310
Resetting the AP (for Boot-Block Versions 11.07 and Higher)........................................ 310
8 | Dell PowerConnect W AirWave 7.1 | User Guide
Cisco IOS Dual Radio Template ...................................................................................................311
Speed Issues Related to Cisco IOS Firmware Upgrades......................................................... 312
AWMS Firmware Upgrade Process....................................................................................312
Appendix D Initiating a Support Connection.....................................................................................315
Network Requirements.................................................................................................................. 315
Procedure ........................................................................................................................................ 315
Appendix E Cisco Clean Access Integration (Perfigo) ...................................................................317
Prerequisites for Integrating AWMS with Cisco Clean Access............................................. 317
Adding AWMS as RADIUS Accounting Server......................................................................... 317
Configuring Data in Accounting Packets ...................................................................................317
Appendix F HP Insight Install Instructions for AWMS Servers ....................................................319
Appendix G Installing AWMS on VMware ESX (3i v. 3.5) ...............................................................321
Creating a New Virtual Machine to Run AWMS....................................................................... 321
Installing AWMS on the Virtual Machine................................................................................... 321
AWMS Post-Installation Issues on VMware............................................................................. 322
Appendix H Third-Party Copyright Information ................................................................................323
Packages .................................................................................................................................323
Net::IP:.............................................................................................................................. 323
Net-SNMP: ......................................................................................................................323
Crypt::DES perl module (used by Net::SNMP):.......................................................... 326
Perl-Net-IP: .....................................................................................................................327
Berkeley DB 1.85: ...........................................................................................................327
SWFObject v. 1.5:............................................................................................................ 328
mod_auth_tacacs - TACACS+ authentication module: ...........................................328
Dell PowerConnect W AirWave 7.1 | User Guide | 9
10 | Dell PowerConnect W AirWave 7.1 | User Guide
Preface
This preface provides an overview of this guide, a list of all documentation available for AWMS 7.1, including
contact information for Dell, and includes the following sections:
“Document Organization” on page11
“Notice Icons” on page12
“Contacting Support” on page12
Document Organization
This user guide includes instructions and examples of the graphical user interface (GUI) for installation,
configuration, and daily operation of Dell PowerConnect W AirWave Wireless Management Suite. This includes
wide deployment of wireless access points (APs), device administration, rogue detection and classification,
wireless controller devices, security, reports, and additional features of AWMS.
Table 1 Document Organization and Purposes
Chapter Description
Chapter 1, “Introduction” Introduces and presents the AirWave Wireless Management Suite,
AWMS components, and general network functions.
Chapter 2, “Installing AWMS” Describes system and network requirements, Linux OS in
Chapter 3, “Configuring AWMS” Describes the primary and required configurations for startup and launch
Chapter 4, “Configuring and Using Device Groups in
AWMS”
Chapter 5, “Discovering, Adding, a
Devices”
Chapter 6, “Creating and Using Templates” Describes and illustrates the use of templates in group and global device
Chapter 7, “Using RAPIDS and Rogue Classification” Describes the RAPIDS module of AWMS, and enhanced rogue
Chapter 8, “Performing Daily Administration in
AWMS”
Chapter 9, “Creating, Running, and Emailing Reports” Describes AWMS reports, scheduling and generatio
nd Managing
AWMS installation.
of AWMS, with frequently used optional configurations.
Describes configuration and deployment for group device profiles.
Describes how to discover and manage devices on the network.
nfiguration.
co
classification supported in AWMS.
Describes common daily operations and tools
general user administration, the use of triggers and alerts, network
monitoring, and backups.
distribution of reports from AWMS.
in AWMS, to include
stallation, and
n options, and
Chapter 10, “Using the AWMS Helpdesk” Describes how to use the AWMS Help
Appendix A, “Package Management for AWMS” Describes the Yum packaging management system, and provides
ad
visories on alternative methods that may cause issues with AWMS.
Appendix B, “Third-Party Security Integration for
AWMS”
Appendix C, “Access Point Notes” Provides guidelines and suggestions for
Dell PowerConnect W AirWave 7.1 | User Guide Preface | 11
Describes additional and optional security configurations in A
desk GUI and related functions.
WMS.
Access Point devices in AWMS.
Table 1 Document Organization and Purposes
Chapter Description
Appendix D, “Initiating a Support Connection” Provides instructions about how to create and use a support connection
between AWMS and AirWave Wireless Support.
Appendix E, “Cisco Clean Access Integration
(Perfigo)”
Appendix F, “HP Insight Install Instructions for
AWMS Servers”
Appendix G, “Installing AWMS on
3.5)”
Appendix H, “Third-Party Co
Index Provides extensive citation of and links to document topics, with
VMware ESX (3i v.
pyright Information” Presents multiple copyright statements from multiple equipment vendors
Provides instructions for integrating Cisco Clean Access within AWMS.
Provides instructions for installing HP Insig
Provides instructions for an alternative installation option on VMware
ESX for AWMS.
that interoperate with AWMS.
emphasis on the AWMS GUI and tasks relating to AWMS installation and
operation.
ht on AWMS servers.
Notice Icons
This document uses the following notice icons to emphasize advisories for certain actions, configurations, or
concepts:
Note: Indicates helpful suggestions, pertinent information, and important things to remember.
Caution: Indicates a risk of damage to your hardware or loss of data
Warning: Indicates a risk of personal injury or death.
Contacting Support
Table 2 Support Web Sites
Web Site
Main Site www.dell.com
Support Site support.dell.com
12 | Preface Dell PowerConnect W AirWave 7.1 | User Guide
Chapter 1
Introduction
Thank you for choosing the Dell PowerConnect W AirWave Wireless Management Suite, or AWMS. AWMS
makes it easy and efficient to manage your wireless network by combining industry-leading functionality with an
intuitive user interface, enabling network administrators and helpdesk staff to support and control even the
largest wireless networks in the world.
This User Guide provides instructions for the installation, configuration,
and operation of the AirWave Wireless
Management Suite. This chapter includes the following topics:
“AWMS—A Unified Wireless Network Command Center” on page13
“AWMS Navigation Basics” on page22
“Integrating AWMS into the Network and Organizational Hierarchy” on page15
If you have any questions or comments,
please contact Dell support.
AWMS—A Unified Wireless Network Command Center
AWMS is the only network management software that offers you a single intelligent console from which to
monitor, analyze, and configure wireless networks in automatic fashion. Whether your wireless network is simple
or a large, complex, multi-vendor installation, AWMS manages it all.
The AirWave Wireless Management Suite supports hardware from leading wireless v
Alcatel-Lucent, Aruba Networks, Avaya, Cisco (Aironet and WLC), Colubris Networks, Enterasys, Juniper
Networks, LANCOM Systems, Meru, Nomadix, Nortel, ProCurve by HP, Proxim, Symbol, Trapeze, Tropos, and
many others.
The components of the AirWave Wireless Management Suit
The Dell PowerConnect W AirWave Management Platform (AMP) wireless network management software,
e are listed here, and detailed below:
including the Dell PowerConnect W Configuration feature that supports global configuration of Dell
PowerConnect W controllers.
VisualRF location and RF mapping software module
endors, including Dell,
RAPIDS rogue access point detection software module
Master Console and Failover tabs.
AirWave Management Platform™
The AirWave Management Platform (AMP) is the centerpiece of the Dell PowerConnect W AirWave wireless
management solution, offering the following functions and benefits:
Core network management functionality:
Network discovery
Configuration of APs & controllers
Automated compliance audits
Firmware distribution
Monitoring of every device and user connected to the wireless network
Real-time and historical trend reports
Granular administrative access
Dell PowerConnect W AirWave 7.1 | User Guide Introduction | 13
Role-based (for example, Administrator contrasted with Help Desk)
Network segment (for example, "Retail Store" network contrasted with "Corporate HQ" network)
Flexible device support
Thin, thick, mesh and WiMAX network architecture
Multi-vendor support
Current and legacy hardware support
Dell PowerConnect W Configuration
AWMS supports global configuration of ArubaOS (AOS). AOS is the operating system, software suite, and
application engine that operates Dell PowerConnect W mobility and centralizes control over the entire mobile
environment. The AOS Wizards, the AOS command-line interface (CLI), and the AOS WebUI have been the
primary means by which to configure and deploy AOS. For a complete description of AOS, refer to the ArubaOS
User Guide.
AWMS consolidates ArubaOS configuration and pushes globa
l Dell PowerConnect W configurations from
within AWMS.
Two pages in AWMS support Dell PowerConn
Device Setup > Dell PowerConnect W Configuration
Groups > Dell PowerConnect W Config
AWMS also introduces new settings and functionality on ad
ect W Configuration:
ditional pages in support of Dell PowerConnect W
Configuration. For additional information that includes a comprehensive inventory of all pages and settings that
support Dell PowerConnect W Configuration, refer to the Dell PowerConnect W AirWave Wireless Management
Suite Configuration Guide.
VisualRF™
VisualRF is a powerful tool for monitoring and managing Radio Frequency (RF) dynamics within your wireless
network, to include the following functions and benefits:
Accurate location information for all wireless users and devices
Up-to-date heat maps and channel maps for RF diagnostics
Adjusts for building materials.
Supports multiple antenna types.
Floor plan, building, and campus views
Visual display of errors and alerts
Easy import of existing floor plans and building maps
RAPIDS™
RAPIDS is a powerful and easy-to-use tool for monitoring and managing security on your wireless network, to
include the following features and benefits:
Automatic detection of unauthorized wireless devices
Rogue device classification that supports multiple methods of rogue detection
Wireless detection:
Uses authorized wireless APs to report other devices within range.
Calculates and displays rogue location on VisualRF map.
Wired network detection:
Discovers Rogue APs located beyond the range of authorized APs/sensors.
14 | Introduction Dell PowerConnect W AirWave 7.1 | User Guide
Queries routers and switches.
Ranks devices according to the likelihood they are rogues.
Multiple tests to eliminate false positive results.
Provides rogue discovery that identifies the switch and port to which a rogue device is connected.
Master Console and Failover
The AWMS Master Console and Failover tools enable network-wide information in easy-to-understand
presentation, to entail operational information and high-availability for failover scenarios. The benefits of these
tools include the following:
Provides network-wide visibility, even when the WLAN grows to 50,000+ devices.
Executive Portal allows executives to view high-level usage and performance data.
Aggregated Alerts
Failover
Many-to-one failover
One-to-one failover
The Master Console and Failover servers can be configured with a Devic
e Down trigger that generates an alert if
communication is lost. In addition to generating an alert, the Master Console or Failover server can also send
email or NMS notifications about the event. See “Using Triggers and Alerts” on page232.
Integrating AWMS into the Network and Organizational Hierarchy
AWMS generally resides in the NOC and communicates with various components of your WLAN infrastructure.
In basic deployments, AWMS communicates solely with indoor wireless access points and WLAN controllers
over the wired network. In more complex deployments AWMS seamlessly integrates and communicates with
authentication servers, accounting servers, TACACS+ servers, routers, switches, network management servers,
wireless IDS solutions, help systems, indoor wireless access points, mesh devices, and WiMAX devices.
AWMS has the flexibility to manage devices on local net
Address Translation (NAT). AWMS communicates over-the-air or over-the-wire utilizing a variety of protocols.
The power, performance, and usa
bility of the AWMS solution become more apparent when considering the
diverse components within a Wireless LAN. Table 3 itemizes such network components, as an example.
Table 3 Components of a Wireless LAN
Component Description
Autonomous AP Standalone device which performs radio and authentication functions
Thin AP Radio-only device coupled with WLAN controller to perform authentication
works, remote networks, and networks using Network
WLAN controller Used in conjunction with thin APs to coordinate authentication and roaming
NMS Network Management Systems and Event Correlatio
RADIUS Authentication RADIUS Authentication servers (Funk
RADIUS Accounting AWMS itself serves as a RADIUS accounting client
Wireless Gateways Provide HTML redirect and/or wireless VPNs
TACACS+ Used to authenticated AWMS administrative user
Routers/Switches Provide AWMS with data for user information and AP and Rogue discovery
Help Desk Systems Remedy EPICOR
Dell PowerConnect W AirWave 7.1 | User Guide Introduction | 15
, FreeRADIUS, ACS, or IAS)
n (OpenView, Tivoli, and so forth)
s
Table 3 Components of a Wireless LAN
Component Description
Rogue APs Unauthorized APs not registered in the AWMS database of managed APs
The flexibility of AWMS enables it to integrate seamlessly into your business hierarchy as well as your network
topology. AWMS facilitates various administrative roles to match each individual user's role and responsibility.
Further flexibility and administrative power in
A Help Desk user may be given read-only access to monitoring data without being permitted to make
clude the following benefits:
configuration changes.
A U.S.-based network engineer may be given read-write access to manage device configurations in North
America, but not to control devices in the rest of the world.
A security auditor may be given read-write access to configure security policies across the entire WLAN.
NOC personnel may be give read-only access to monitoring all devices from the Master Console.
16 | Introduction Dell PowerConnect W AirWave 7.1 | User Guide
Chapter 2
Installing AWMS
This chapter contains information and procedures for installing and launching the AirWave Wireless
Management Suite (AWMS), and includes the following topics:
“AWMS Hardware Requirements and Installation Media” on page17
“Installing Linux CentOS 5 (Phase 1)” on page17
“Installing AWMS Software (Phase 2)” on page18
“Configuring and Mapping Port Usage for AWMS” on page21
“AWMS Navigation Basics” on page22
“Getting Started with AWMS” on page29
Note: AWMS does not support downgrading to older versions. Significant data could be lost or compromised in such a
downgrade. In unusual circumstances requiring that you return to an earlier version of AWMS, we recommend you perform a
fresh installation of the earlier AWMS version, and then restore data from a pre-upgrade backup.
AWMS Hardware Requirements and Installation Media
The AWMS installation CD includes all software (including the Linux OS) required to complete the installation
of the AirWave Wireless Management Suite. AWMS supports any hardware that is Red Hat Enterprise Linux 5
certified. By default, all installs are based on a 64-bit operating system.
AWMS hardware requirements vary by version. As additio
nal features are added to AWMS, increased hardware
resources become necessary. For the most recent hardware requirements, download the Dell PowerConnect W
Airwave Hardware Sizing Guide from http://support.dell.com/manuals.
Installing Linux CentOS 5 (Phase 1)
Perform the following steps to install the Linux CentOS 5 operating system. The Linux installation is a
prerequisite to installing AWMS on the network management system.
Caution: This procedure erases the hard drive(s) on the server
1. Insert the AWMS installation CD-ROM into the dr
2. If this is a new installation of
Note: When you press Enter, all existing data on the hard drive is erased.
the AWMS software, type install and press Enter.
ive and boot the server.
To configure the partitions manually, type expe
Dell PowerConnect W AirWave 7.1 | User Guide Installing AWMS | 17
rt and press Enter.
The following message appears on the screen.
Welcome to AWMS Installer Phase I
- To install a new AMP, type install <ENTER>.
WARNING: This will ERASE all data on your hard drive.
- To install AWMS and manually configure hard drive settings, type expert <ENTER>.
boot:
AWMS is intended to operate as a soft appliance. Other applications should not run on the same installation.
Additionally, local shell users can access data on AWMS, so it is important to restrict access to the shell only
to authorized users.
You can create sudo users in place of root for companies that don't allow root logins.
1. Allow the installation process to continue in automatic fash
ion. Installing the CentOS software (Phase I)
takes 10 to 20 minutes to complete. This process formats the hard drive and launches Anaconda to install all
necessary packages. Anaconda gauges the progress of the installation.
Upon completion, the system automatically reboots
and ejects the installation CD.
2. Remove the CD from the drive and store in a safe location.
Installing AWMS Software (Phase 2)
Getting Started
After the reboot, the GRUB screen appears.
1. Press En
2. When the kernel is loaded, log into the server using the following credentials:
login = root
password = admin
3. Start the AWMS software installation script
Type
Step 1: Configuring Date and Time, Checking for Prior Installations
ter or wait six seconds, and the system automatically loads the smp kernel.
by executing the ./amp-install command.
./amp-install at the command prompt and press Enter to execute the script.
Date and Time
The following message appears, and this step ensures the proper date and time are set on the server.
------------------------ Date and Time Configuration -----------------Current Time: Fri Nov 21 09:18:12 PST 2008
1) Change Date and Time
2) Change Time Zone
0) Finish
Ensure that you enter the accurate date and time during this process. Errors will arise later in the installation if
the specified date varies significantly from the actual date.
1. Select 1 to set the dat
message menu above.
18 | Installing AWMS Dell PowerConnect W AirWave 7.1 | User Guide
e and select 2 to set the time zone. Press Enter after each configuration to return to the
Caution: Changing these settings after the installation can cause a loss of graphical data, and you should avoid delayed
configuration.
2. Press 1 to complete the configuration of date and time information, and to continue to the next step.
Previous AWMS Installations
The following message appears after date and time are set.
Welcome to AWMS Installer Phase 2
STEP 1: Checking for previous AWMS installations
If a previous version of AWMS software is not discovered, the installation program automatically proceeds to
“Step 2: Installing AWMS Software, Including AWMS” on page 19. If a previous version of the software is
discovered, the following message appears on the screen.
The installation program discovered a previous version of the software. Would you
like to reinstall AWMS? This will erase AWMS's database. Reinstall (y/n)?
1. Type y and press Enter to proceed.
Caution: This action erases the current database, including all historical information. To ensure that the AWMS database is
backed up prior to reinstallation, answer `n` at the prompt above and contact your Value Added Reseller or directly contact Dell
support.
Step 2: Installing AWMS Software, Including AWMS
The following message appears while AWMS software is transferred and compiled.
STEP 2: Installing AWMS software
This will take a few minutes.
Press Alt-F9 to see detailed messages.
Press Alt-F1 return to this screen.
This step requires no user input, but you have the option of monitoring progress in more detail should you wish
to do so:
To view detailed output from the AWMS software installer, press Alt-F9 or Ctrl-Alt-F9.
Pressing Alt-F1 or Ctrl-Alt-F1 returns you to the main console.
Step 3: Checking the AWMS Installation
After the AWMS software installation is complete, the following message appears:
STEP 3: Checking AWMS installation
Database is up.
AWMS is running version: (version number)
This step requires no user input. Proceed to the next step as prompted to do so.
Step 4: Assigning an IP Address to the AWMS System
While the AWMS primary network interface accepts a DHCP address initially during installation,
AWMS does not function when launched
address. The following message appears:
unless a static IP is assigned. Complete these tasks to assign the static IP
Dell PowerConnect W AirWave 7.1 | User Guide Installing AWMS | 19
STEP 4: Assigning AWMS's address
AWMS must be configured with a static IP.
--------------- Primary Network Interface Configuration -------------
1) IP Address : xxx.xxx.xxx.xxx
2) Netmask : xxx.xxx.xxx.xxx
3) Gateway : xxx.xxx.xxx.xxx
4) Primary DNS : xxx.xxx.xxx.xxx
5) Secondary DNS: xxx.xxx.xxx.xxx
9) Commit Changes
0) Exit (discard changes)
If you want to configure a second network interface, please
use AWMS's web interface, AWMS Setup --> Network Tab
1. Enter the network information.
Note: The Secondary DNS setting is an optional field.
2. Commit the changes by typing 9 and
To discard the changes, type 0 and
pressing Enter.
press Enter.
Step 5: Naming the AWMS Network Administration System
Upon completion of the previous step, the following message appears.
STEP 5: Naming AWMS
AWMS name is currently set to: New AWMS
Please enter a name for your AWMS:
1. At the prompt, enter a name for your AWMS server and press Enter.
Step 6: Assigning a Host Name to the AWMS
Upon completion of the previous step, the following message appears on the screen.
STEP 6: Assigning AWMS's hostname
Does AWMS have a valid DNS name on your network (y/n)?
1. If AWMS does not have a valid host name on the network, enter `n` at the prompt. The following message
appears:
Generating SSL certificate for < IP Address >
2. If AWMS does have a valid host name on the network, enter `y` at the prompt. The following message
appears:
Enter AWMS's DNS name:
3. Type the AWMS DNS name and press Enter. The following message appears:
Generating SSL certificate for < IP Address >
Proceed to the next step as the system prompts you.
20 | Installing AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Step 7: Changing the Default Root Password
Upon completion of the prior step, the following message appears.
STEP 7: Changing default root password.
You will now change the password for the 'root' shell user.
Changing password for user root.
New Password:
1. Enter the new root password and press Enter. The Linux root password is similar to a Windows administrator
password. The root user is a super user who has full access to all commands and directories on the computer.
Aruba recommends keeping this
password as secure as possible because it allows full access to the machine.
This password is not often needed on a day-to-day basis, but is required to perform AWMS upgrades and
advanced troubleshooting. If you lose this password, contact Dell support for instructions on resetting it.
Completing the Installation
Upon completion of all previous steps, the following message appears.
CONGRATULATIONS! AWMS is configured properly.
To access AWMS web console, browse to https://<IP A
Login with the following credentials:
Username: admin
Password: admin
ddress>
To view the Phase 1 installation log file, type cat /root/install.log.
To view the Phase 2 installation log file, type cat /tmp/AWMS-install.log.
To access the AWMS GUI, enter the AWMS IP address in the address bar of any browser. The AWMS GUI
then prompts for your license key. If you are entering a dedicated Master Console or AWMS Failover license,
refer to “Supporting AWMS Stations with the Master Console” on page 239 for additional information.
Configuring and Mapping Port Usage for AWMS
The following diagram itemizes the communication protocols and ports necessary for AWMS to communicate
with wireless LAN infrastructure devices, including access points (APs), controllers, routers, switches, and
RADIUS servers. Assign or adjust port usage on the network administration system as required to support these
components.
Table 4 AWM
Port Ty pe Protocol Description
21 TCP FTP Configure devices and FW
22 TCP SSH Configure devices > APs or controllers
S Protocol and Port Chart
distribution
Dataflow
Direction
> Legacy AP (Cisco 4800)
Device Type
22 TCP SSH Configure AWMS from CLI < Laptop or workstation
22 TCP VTUN Support connection (optional) > AirWave support home office
22 TCP SCP Transfer configuration files or FW < APs or controllers
23 TCP Te ln e t Configure devices > APs or controllers
23 TCP VTUN Support connection (Optional) > AirWave support home office
Dell PowerConnect W AirWave 7.1 | User Guide Installing AWMS | 21
Table 4 AWMS Protocol and Port Chart (Continued)
Port Ty pe Protocol Description
25 TCP SMTP Support email (optional) > AirWave support email server
49 UDP TACACS AWMS Administrative
uthentication
A
53 UDP DNS DNS lookup from AWMS > DNS Server
69 UDP TFTP Transfer configuration files or FW < APs or controllers
80 TCP HTTP Configure devices > Legacy APs
80 TCP HTTP Firmware upgrades < Colubris devices
80 TCP VTUN Support connection (optional) > AirWave support home office
161 UDP SNMP Get and Set operations > APs or controllers
162 UDP SNMP Traps from devices < APs or controllers
162 UDP SNMP Traps from AWMS > NMS
443 TCP HTTPS Web management < Laptop or workstation
443 TCP HTTPS WLSE polling > WLSE
443 TCP VTUN Support connection (optional) > AirWave support home office
Dataflow
Direction
> Cisco TACACS+
Device Type
1701 TCP HTTPS AP and rogue discovery > WLSE
1741 TCP HTTP WLSE polling > WLSE
1813 UDP RADIUS Retrieve client authentication
1813 UDP RADIUS Retrieve client authentication
1813 UDP RADIUS Outbound from AWMS to a
2002 TCP HTTPS Retrieve client authentication
5050 UDP RTLS Real Time Location Feed < Aruba thin APs
8211 UDP PAPI Real Time Feed < >
ICMP Ping Probe > APs or controllers
info
info
RADIUS
administrator authentication
info
server for AWMS
< Accounting Server
< AP or controllers
> RADIUS server
> ACS
WLAN switches
AWMS Navigation Basics
Every AWMS page contains three basic sections, as follows:
Status Section
Navigation Section
Activity Section
The AWMS pages also contain Help
links with GUI-specific help information and certain standard action
buttons. illustrates these sections.
22 | Installing AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Status Section
The Status section provides a snapshot view of overall WLAN performance and provides direct links for
immediate access to key system components. The Status section remains at the top of all pages in the AWMS
and RAPIDS modules. AWMS includes the ability to customize the contents of the Status section from the
Home > User Info page, to include support for both wireless and wired network components. Refer to
“Configuring Your Own User Inform
The table below describes these elements in further detail.
Table 5 Status Section Components of the AWMS Graphical User Interface (GUI)
Field Description
New Devices The number of wireless APs or wireless LAN controllers that have been discovered by AWMS but not yet
managed by network administrators. When you click this link, AWMS directs you to a page that displays a
detailed list of devices awaiting authorization.
ation with the Home > User Info Page” on page248.
Up (Wired,
W
ireless,
and combined)
Down (Wired,
Wi
reless,
and combined)
Mismatched The total number of Mismatched devices. A device
Rogue The number of devices that have been classified by the RAPIDS rules engine above the threshold defined on
Users The number of wireless users currently associated to the wireless network via all the APs ma
Alerts Displays the number of non-acknowledged AWMS alerts generated by user
Severe Alerts
(conditional)
Device Types to
Include in Header
Stats
The number of managed, authorized devices that are currently responding to AWMS requests. When you
click this link, AWMS will direct you to a page that displays a detailed list of all Up devices.
The number of managed, authorized devices that are not currently responding to AWMS SNMP requests.
When you click this link, AWMS will direct you to a page that displays a detailed list of all "Down" devices.
is considered mismatched when the desired
configuration in AWMS does not match the actual device configuration read from the device.
the Home > User Info page.
AWMS. When you click this link, AWMS directs you to a page that contains a list of users that are
associated.
click this link, AWMS directs you to a page containing a detailed list of active alerts.
When triggers are given a severity of Critical, they generate Severe Alerts. When a Severe Alert exists, a
new component appears at the right of the Status field in bold red font. Only users configured on the Home >
User Info page to be enabled to view critical alerts can see Severe Alerts. The functionality of Severe Alerts
is the same as that described above for Alerts. However, unlike Alerts, the Severe Alerts section is hidden if
there are no Severe Alerts.
You can support statistics for any combination of
Autonomous APs
Controllers
Routers/Switches
Thin APs
Universal Devices
Refer to
“Configuring Your Own User Information with the Home > User Info Page” on page 248.
the following device types:
-configured triggers. When you
naged by
Search Search performs partial string searches on a large number
version, radio serial number, device serial number, LAN MAC, radio MAC and apparent IP of all the APs as
well as the client MAC, VPN user, LAN IP, VPN IP fields.
of fields including the notes, version, secondary
Navigation Section
The Navigation Section displays tabs for all main GUI pages within AWMS. The top bar is a static navigation bar
containing tabs for the main components of AWMS, while the lower bar is context-sensitive and displays the submenus for the highlighted tab.
Dell PowerConnect W AirWave 7.1 | User Guide Installing AWMS | 23
Table 6 Components and Sub-Menus of the AWMS Navigation Screen
Main Tab Description Sub-Menus
Home The Home pages provide basic AWMS information including system
name, host name, IP address, current time, running time, and software
version.
The Home page also provides a centr
al point for network status
information and monitoring tools, giving graphical display of network
activity.
The Home >
Overview page provides links to many of the most frequent
tools in AWMS.
For additional information, refer to “Monitoring and Supporting AWMS
with the Home Pages” on page24
Helpdesk The Helpdesk pages
provide an interface for support and diagnostic tools.
1.
For additional information refer to Chapter 10, “Using the AWMS
Helpdesk” on page295.
Groups The Groups pages provide information on the logical "groups" of devices
that have been established for efficient monitoring and configuration. For
additional information, see Chapter 4, “Configuring and Using Device
Groups in AWMS” on page79.
NOTE: Some of
the focused sub-menus will not appear for all groups.
Focused sub-menus are visible based on the device type field on the
Groups > Basic page. This sub-menu is the first page to appear when
adding or editing groups.
NOTE: Wh
en individual device configurations are specified, device-level
settings override the Group-level settings to which a device belongs.
Overview
Search
Documentation
License
User Info
Incidents
Setup
List
Focused Sub-Menus
Monitor
Basic
Templates
Security
SSIDs
AAA Servers
Radio
Dell PowerConnect W Config
Cisco WLC Config
PTMP/WiMAX
Proxim Mesh
Colubris
MAC ACL
Firmware
Compare (Master Console
Only)
APs/Devices The APs/Devices pages provide detailed information about all authorized
APs and wireless LAN switches or controllers on the network, including
all configuration and current monitoring data.
These pages interact with several additional pages in A
WMS. One
chapter to emphasize the APs/Devices pages is Chapter 5, “Discovering,
Adding, and Managing Devices” on page127.
NOTE: Wh
en specified, device-level settings override the default Group-
level settings.
Users The Users p
ages provide detailed information about all client devices and
users currently associated to the WLAN. For additional information, refer
to “Monitoring and Supporting WLAN Users” on page22
24 | Installing AWMS Dell PowerConnect W AirWave 7.1 | User Guide
8.
List
New
Up
Down
Mismatched
Ignored
Focused Sub-Menus
Manage
Audit
Compliance
Interfaces
Containment Status
Connected
All
Guest Users
User Detail
Diagnostics
Tags
Table 6 Components and Sub-Menus of the AWMS Navigation Screen (Continued)
Main Tab Description Sub-Menus
Reports The Reports pages list all the standard and custom reports generated by
AWMS. AWMS supports 13 reports in the AWMS module. For additional
information, refer to Chapter 9, “Creating, Running, and Emailing Reports”
on page26
System The Sy
1.
stem page provides information about AWMS operation and
administration, including overall system status, the job scheduler, trigger/
alert administration, and so forth. For additional information, refer to
“Monitoring and Supporting AWMS with
page24
9.
Device Setup The Device Setup p
ages provide the ability to add, configure, and monitor
the System Pages” on
devices, to include setting AP discovery parameters, performing firmware
management, defining VLANs, and so forth. For additional information,
refer to “Enabling AWMS to Manage Your Devices” on page52.
AMP Setup The AM
P Setup pages provide all information relating to the configuration
of AWMS itself and its connection to your network. This page entails
several processes, configurations, or tools in AWMS. For additional
information, start with Chapter 3, “Configuring AWMS” on page31.
NOTE: The AMP Setup pages
may not be visible, depending on the role
and license set in AWMS.
Generated
Definition
Focused Sub-Menus
Details
Status
Event Log
Triggers
Alerts
Configuration Change Jobs
Firmware Upgrade Jobs
Performance
Discover
Add
Communication
Aruba Configuration
Upload Files
General
Network
Users
Roles
Authentication
WLSE
ACS
NMS
RADIUS Accounting
PCI Compliance
RAPIDS The RAPIDS pages
points, including methods of discovery and lists of discovered and
possible rogues. For additional information, refer to Chapter 7, “Using
RAPIDS and Rogue Classification” on page19
NOTE: The RAPIDS pages may not be visib
license set in AWMS.
VisualRF VisualRF
pages provide graphical access to floor plans, client location,
and RF visualization for floors, buildings, and campuses that host your
network. For additional information, refer to the VisualRF User Guide.
NOTE: V
isualRF may not be visible, depending on the role and license set
in AWMS.
provide all information relating to rogue access
5.
le, depending on the role and
Overview
Rogue APs
Setup
Rules
Score Override
Audit Log
Overview
Floor Plans
Campus/Building
Setup
Import
Note: The AMP Setup tab varies with user role. The RAPIDS and VisualRF tabs appear based on the license entered on the Home
> License page, and might not be visible on your AWMS view.
Activity Section
The Activity section displays all detailed configuration and monitoring information, and is where changes are
implemented.
Dell PowerConnect W AirWave 7.1 | User Guide Installing AWMS | 25
Help Links in the GUI
The Help link is available on every page within AWMS. When clicked, this launches a PDF document with
information describing the AWMS page that is currently displayed.
Note: Adobe Reader must be installed to view the settings and default values in the PDF help file.
Common List Settings
All of the lists in AWMS have some common options. All lists are paginated with a configurable number of items
per page, as shown in Figure 1.
Figure 1 Example of Co
Clicking on the left most down arrow allows you to set
down arrow is used to jump to a specific page in the list. Clicking it will bring up a drop down menu that allows
you to select the exact page you would like to view, as shown in Figure 2.
Figure 2 C
ommon List Settings Choose Columns Illustration
mmon List Settings Configurable Attributes
how many rows appear on one page of the list. The next
The Cho
which they are presented. To disable a column simply uncheck the checkbox. To reorder the columns, click and
drag a specific row to the appropriate new position. When you are satisfied with the enabled columns and their
order, click on the save button.
26 | Installing AWMS Dell PowerConnect W AirWave 7.1 | User Guide
ose Columns option allows you to configure the columns that are presented in the list and the order in
These settings are user specific. To reset them to the defaults click the Reset List Preferences button on the
Home > User Info page.
Buttons and Icons
Standard buttons and icons are used consistently from screen to screen throughout the AWMS user pages and
GUI, as itemized in the following table:
Table 7 Standard Buttons and Icons of the AWMS User Page
Buttons and
Icons
Acknowledge Acknowledges and clears an AWMS alert.
Add Adds the object to both AWMS' database and the onscreen display list.
Add Folder Adds a new folder to hierarchically organize APs.
Alert Indicates an alert.
Apply Applies all "saved" configuration chang
Attach Attaches a snapshot of an AWMS screen to a Helpde
Audit Reads device configuration, compare to desired, and update status.
Bandwidth Displays current bandwidth for group.
Choose Chooses a new Helpdesk incident to
Create Creates a new Helpdesk incident.
Customize Ignores selected settings when calculating the configur
Appearance
a
Description
es to devices on the WLAN.
sk incident.
be the Current Incident.
ation status.
Delete Deletes an object from AWMS' database.
Down Indicates down devices and radios.
Drag and Drop Dragging and dropping objects with this icon changes the sequence of items in
relation to each other. Refer to “Using RAPIDS and Rogue Cla
page19
Duplicate Duplicates or makes a copy of the configur
Edit Edits the object properties.
Email Links to email reports.
Filter Filters rogue list by score and/or ad hoc status.
Google Earth Views device's location in Google Earth (requires plug-in).
Manage Manages the object properties.
Dell PowerConnect W AirWave 7.1 | User Guide Installing AWMS | 27
5 as one example of drag-and-drop.
ation of an AWMS object.
ssification” on
Table 7 Standard Buttons and Icons of the AWMS User Page (Continued)
Buttons and
Icons
Mismatched Indicates mismatched device configuration, in which the most recent configuration
Monitor Indicates an access point is in “monitor only" mode.
Ignore Ignores specific device(s)
Import Updates a Group's desired settings to
New Devices Indicates new access
Poll Now Polls device (or controller) immediately, override group polling settings.
Preview Displays a preview of changes applicable to multiple groups.
Print Prints the report.
Reboot Reboots devices or AWMS.
Refresh Refreshes the display of flash graph
Relate Relates an AP, Group or Client to a Helpdesk incident.
Appearance
a
Description
in AWMS and the current configuration on a device are mismatched.
- devices selected with check boxes.
match current settings.
points and devices.
s when settings have changed.
Replace Hardware Confers configuration and history of one AP to a replacement device.
Revert Returns all configurable data on the screen to its original status.
Rogue Indicates a rogue access point.
Run Runs a new user-defined report.
Save Saves the information on the page in the AWMS database.
Save & Apply Saves changes to AWMS' database and apply all changes to devices.
Scan Scans for devices and rogues
Schedule Schedules a window for reports, device changes, or maintenance.
Search Searches AWMS for the specified name, MAC or IP address.
Set Time Range Sets the time range for flash graphs to the range
Up Indicates access points which are in the up status.
Update Firmware Applies a new firmware image to an AP/device.
User Indicates a user.
View Graph in New
Window
Displays flash graphs in a new window.
using selected networks.
specified with the time-range bar.
VisualRF Links to VisualRF - real time visualization.
XML Links to export XHTML versions of reports.
a. Not all AWMS GUI components are itemized in graphic format in this table.
28 | Installing AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Getting Started with AWMS
This topic describes how to perform an initial launch of the AWMS network management solution. This topic
requires successful completion of installation, as described earlier in this chapter. This topic prepares the
administrator for wider deployment and device support and operations once initial startup is complete.
Completing Initial Login
Use your browser to navigate to the static IP address assigned to the internal page of the AWMS. Once your
session launches, the Authentication Dialog Box appears as shown in Figure 3.
Figure 3 Authentication Dialog Box
Perform these steps to complete the initial login.
1. Enter User name admi
2. Enter Password admi
3. Click OK
After successful authentication, y
Note: AWMS pages are protected via SSL.
Aruba recommends changing the default log
AWMS User Roles” on page 50 for additional information.
n
n
our browser launches the AWMS Home Overview page.
in and password on the AMP Setup > Users page. Refer to the procedure “Creating
Dell PowerConnect W AirWave 7.1 | User Guide Installing AWMS | 29
30 | Installing AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Chapter 3
Configuring AWMS
This chapter contains the following procedures to deploy initial AWMS configuration:
“Formatting the Top Header” on page31
“Customizing Columns in Lists” on page33
“Resetting Pagination Records” on page34
“Using the Pagination Widget” on page34
“Using CSV Export for Lists and Reports” on page35
“Defining Graph Display Preferences” on page35
“Customizing the Overview Subtab Display” on page36
“Setting Severe Alert Warning Behavior” on page38
“Defining General AWMS Server Settings” on page39
“Defining AWMS Network Settings” on page47
“Creating AWMS Users” on page48
“Creating AWMS User Roles” on page50
“Enabling AWMS to Manage Your Devices” on page52
“Configuring TACACS+ and RADIUS Authentication” on page62
“Configuring Cisco WLSE and WLSE Rogue Scanning” on page66
“Configuring ACS Servers” on page71
“Integrating AWMS with an Existing Network Management Solution (NMS)” on page73
“Auditing PCI Compliance on the Network” on page74
“Deploying WMS Offload” on page77
Note: Additional configurations of multiple types are available after basic configuration is complete, as shown in this chapter.
Before You Begin
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
Formatting the Top Header
The AWMS interface centers around a horizontal row of tabs corresponding to high level components, with
nested subtabs pertaining to relevant information and features within that component. Above the component
tabs reside a row of statistics hyperlinks representing many commonly used subtabs. These hyperlinks provide two
things: an ability to view certain key statistics by mousing over, such as number and type of Down devices (Fat
APs, switches for example), and a short cut to certain frequently viewed subtabs. Clicking the Down hyperlink is
the same as clicking APs/Devices > Down, to use the same example.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 31
Figure 4 illustrates the navigation bar. For more details on hyperlinks, tabs and submenus, see “AWMS
Navigation Basics” on page22.
Figure 4 Navigation Bar D
isplaying Home Subtabs and Down Device Statistics
You can control which Top Header Stats links appear across the entire product from the AMP Setup > General
page, as described in “Defining General AWMS Server
also be customized for individuals, according to individual user roles f
Settings” on page39. Top Header Stats hyperlinks can
rom the Home > User Info page by clicking
the Yes radio button in the Top Header Stats pane. There you can select which statistics are displayed for what
device types, and override choices made from the AMP Setup page. All possible display options are shown in
Figure 5, and these fields are described in detail in “Monitoring and Supporting AWMS with the Home
Pages”
on page241.
Figure 5 To
p Header Stats Display Options
You can also set the severity level of cri
description of what constitutes a severe alert, see “Setting Severe Alert Warning Be
32 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
tical alerts displayed for a given user role. For details including a
havior” on page38.
Customizing Columns in Lists
You can determine which columns are displayed in any AWMS table by selecting or deselecting its checkbox
from the dropdown list made visible by clicking Choose Columns as shown in Figure 6. Using the up
arrows to the right of each column title, you can change
upper most column in the dropdown list correlating to the left most column in the table. As shown in Figure 6,
Username if it re
on.
mains checked will appear as the left most column, Role will appear to the right of that, and so
the order in which the column heads appear with the
/down
Figure 6 Ch
For more information on the uni
oose Columns Dropdown List
versal list elements, see “Common List Settings” on page26.
You can also control which column heads appear
Customize Header Columns field, as also appears in Figure 5. This exposes
dropdown menu in all tables shown in Figure 7. The right hand column shows the user roles already customized,
if any, for your particular production
columns and order them using the up and down arrows alongside the column head entries. The column heads
and user roles displayed are set to their defaults, but can always be customized further, as needed.
Figure 7 Ta
ble With Choose Columns for Roles Menu Selected
environment. The left hand column allows you to establish left to right
for each user role by selecting the Yes radio button in the
the Choose Columns for Roles
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 33
Resetting Pagination Records
You can control how many records appear in any list individually by clicking the link with Records Per Page
mouseover text at the top left of each table, as shown in Figure 8. AWMS
so once you have customized the table (by choosing Custo
entering 5), each time you return to the Generated Reports list, it will always show just 5 records at a time, as in
this example.
m from the Records Per Page dropdown menu and
stores each list’s pagination preferences
Figure 8 Reco
If for some reason you would like to reset all AMP list
Display Preferences pane of the Home > User Info page. The Display Preferences pane is shown in Figure 9.
Figure 9 D
rds Per Page Drop Down Menu
Records Per Page preferences, you can select Reset in the
isplay Preferences Pane
Using the Pagination Widget
The pagination widget is located at the top and bottom of every list table, as shown in Figure 10.
Figure 10 Pa
As you mouse over it, you will see Jump to
dropdown list appears with all the page numbers listed for that table. From here, you can jump to any portion of
the table. You can browse the pages of any list table using the right pointing arrows on the outermost sides of the
gination Widget
Page. Click the down arrow next to where it says Page 1, and a
34 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
pagination widget. Using the mouseover text as a guide, you can to jump to the next or previous and first or last
pages of the table.
Using CSV Export for Lists and Reports
Wherever you see an Export to CSV setting above a list, you can export the data shown into a CSV file that you
can open as a Microsoft Excel spreadsheet or in any text editor. All vertical and horizontal columns appearing in
the table will also appear in the exported data file. See Figure 11 fo
option selected.
r an example of a list with the Export to CSV
Figure 11 List w
AWMS also enables CSV exporting of all report
page265.
ith Export to CSV Selected
types. For more information, see “Using Custom Reports” on
Defining Graph Display Preferences
Many of the graphs in AWMS are flash-based, which allows you change graph attributes, as shown in Figure 12.
Figure 12 Fla
sh Graphs on the Home Overview Page
This flash-enabled GUI allows for custom settings and adjus
changes you can make or functions that are supported:
Drag the slider at the bottom of the screen to move the scope of the graph between one year ago and the
current time.
Drag the slider between graphs to change the relative sizes of each.
Deselect checkboxes to change the data displayed on each graph. The button with green arrows refreshes data
on the graph.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 35
tments, and the following examples illustrate some
The Show All link displays all of the available checkboxes supporting the flash graphs.
Once a change to the slider bars or to the display boxes has been made, the same change can be applied to all
other flash graphs with an apply button (appears on mouse-over only).
For non-flash graphs, click the graph to open a popup window that shows historical data.
A non-flash version of the AWMS
user page is available if desired; instead of flash it uses the RRD graphs that
were used in AWMS through the 5.3 Version. Contact Dell support for more information on activating this
feature in the AWMS database.
Customizing the Overview Subtab Display
You can rearrange or remove widgets appearing on the Home > Overview dashboard by clicking Customize to
the right of this window, as shown in Figure 13.
Figure 13 Customize But
ton on the Home Overview Page
The Cust
36 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
omize workspace is shown in Figure 14.
Figure 14 Customize Overview Page
The Available Widg
ets pane on the left with no gridlines holds all possible (available) graphical elements
(widgets). Click and any blue widget tile with a verbal description enclosed, and it immediately turns into a
graphical element with the verbal description at the top.
Drag the widgets you want to
appear on the Overview dashboard across to the gridlines and arrange them in the
right pane, within the gridlines. A widget snaps back to the nearest available gridline if you drop it across two or
more lines, and turns red if you attempt to place it over gridlines already occupied by widgets, as shown in Figure
15.
Figure 15 Example o
f Improper Widget Placement
Green widgets are those that are properly placed and set to appear when you click Sa
ve. Widgets that remain in
the left pane will not appear (although they can be returned at a later time, or reinstated by clicking Restore
Defaults).
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 37
Customized Search
You can customize search results to display only desired categories of matches on the Home > User Info page.
Navigate to the Search Preferences box and toggle the Customize Search option to “Yes”; then select or unselect
categories of results and save your changes. By default customize search is turned off and all boxes are selected.
When you enter a search string into the search box in the upper right-hand corner of any AMP page only results
in the selected categories will be returned.
Figure 16 Cu
stomized Search Preferences
Setting Severe Alert Warning Behavior
You can control the alert levels users can see on the Alerts statistics hyperlink from the Home > User Info page.
These settings will apply unless and until other users change settings for themselves. When a trigger is assigned a
severity of Critical, it generates a severe alert. When a severe alert exists, a new component appears at the right of
the Status field in bold red font. Only users configured on the Home > User Info page to be enabled to view
critical alerts can see severe alerts. The Severe Alert Threshold dropdown menu, located in the Top Header Stats
pane of the Home > User Info page, with all options displayed is shown in Figure 17.
Figure 17 Severe Alert
Threshold Dropdown Menu
38 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Defining General AWMS Server Settings
This section describes all pages accessed from the AWMS Setup tab and describes two pages in the Device Setup
tab—the Communication and Upload Files pages. Once required and optional configurations in this chapter are
complete, continue to later chapters in this document to create and deploy device groups and device
configuration and discovery on the network.
The first step in configuring AWMS is to specif
the
AMP Setup > General page:
y the general settings for the AWMS server. Figure 18 illustrates
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 39
Figure 18 AMP Setup > General Page Illustration
Perform the following steps to configure
1. Browse to the A
MP Setup > General page, locate the General area, and enter the information described in
AWMS server settings globally across the product (for all users).
Table 8:
40 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Table 8 AMP Setup > General > General Section Fields and Default Values
Setting Default Description
System Name AWMS Defines your name for the AWMS server, with a maximum limit of 20 alphanumeric
characters.
Automatically Monitor/
Manage New Devices
No Launches a drop-down menu that specifies the behavior AWMS should follow
when it discovers a new device. Devices are placed in the default group which is
defined in the next field.
When devices are in Monitor Only mode, AWMS compares the current
configuration with the policy, and displays any discrepancies on the APs/
Devices > Audit page, but does not change the configuration of the device.
When devices are in Manage Read/Write mode, AWMS compares the device's
current configuration settings with the Group configuration settings and
automatically updates the device's configuration to match the Group policy.
Automatically placing devices in Managed Read/Write mode will overwrite the
configuration with the desired configuration in AWMS, and should only be used
when you are certain AWMS has the correct configuration. This can be risky,
and generally, devices should be placed in Monitor Only mode as the default.
Default Group NA Sets the device group that this AWMS
server uses as the default for device-level
configuration. Select a device group from the drop-down menu. A group must first
be defined on the Groups > List page to appear in this drop-down menu. For
additional information, refer to Chapter 4, “Configuring and Using Device Groups in
AWMS” on page79.
Device Configuration
Audit Interval
Daily If enabled, this setting defines the inter
compares actual device settings to the Group configuration policies stored in the
val of AWMS queries, in which each device
AWMS database. If the settings do not match, the AP is flagged as mismatched and
AWMS sends an alert via email, log, or SNMP.
Aruba recommends enabling this feature with a frequency of Daily or mo
re
frequently to ensure that your AP configurations comply with your established
policies.
Automatically Repair
Misc
onfigured Devices
Send Debugging
Messages to Aruba
Nightly Maintenance
Time (00:00 - 23:59)
AWMS User
Authorization Lifetime
(0-240 min)
Check Updates from
Aruba
Disabled If enabled, this setting automatically reconfigures the settings on the device when
the device is in Manage mode and AWMS detects a variance between actual
device settings and the Group configuration policy in the AWMS database.
Enabled If enabled, AWMS automatically emails any system
errors to the Dell Support
Center to assist in debugging.
04:15 Specifies the time of day AWMS should perform daily maintenance. During
maintenance, AWMS cleans the database, performs backups, and completes a few
other housekeeping tasks. Such processes should not be performed during peak
hours of demand.
120 Sets the amount of time, in minutes, that an AWMS user session lasts befor
e the
user must authenticate when a new browser window is opened. Setting the lifetime
to 0 requires the user to log in every time a new browser window is opened.
Yes Enables AWMS
to check automatically for multiple update types. Check daily for
AWMS updates, to include enhancements, device template files, important security
updates, and other important news. This setting requires a direct internet
connection via AWMS.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 41
2. Select the Top Header Stats by checking the corresponding check box. The selected options will be displayed
at the top of GUI. For more detailed information about each option, refer to Table 5 on page 23.
3. On the AMP
Setup > General page, locate the Display Options section and adjust settings as required. The
Display Options section configures which Group tabs and options appear by default in new device groups.
Note: Changes to this section apply across all of AWMS. These changes affect all users and all new device groups.
Table 9 describes the settings and default values in this section.
Table 9 AMP Setup > General >Display Options Fields and Default Values
Setting Default Description
Use Fully Qualified
Domain Names
Show Vendor-Specific
Device Settings
For
No Sets AWMS to use fully qualified domain names for APs instead of the AP name. For
example, "testap.yourdomain.com" would be used instead of "testap."
This option is supported only for Cisco IOS, Dell PowerConnect W, Aruba Networks,
and Alcatel-Lucent devices.
All Devices Displays a drop-down menu that determines which Group tabs and options are
viewable by default in new groups, and selects the device types that use fully qualified
domain names. This field has three options, as follows:
All Device—When selected, AWMS displays all Group tabs and setting options.
Only Devices on this AMP—When selected, AWMS hides all options and tabs that
do not apply to the APs and devices currently on AWMS.
Selected device type—When selected, a new field appears listing many device
types. This option allows you to specify the device types for which AWMS displays
group settings. You can override this setting at the individual group level.
Look Up Wireless
User Host
names
DNS Hostname
Lifetime
Yes Enables AWMS to look up automatically the DNS for new user hostnames. This setting
can be turned off to troubleshoot performance issues.
24 hours Defines the length of time, in hours, for which a DNS server hostname remains valid on
AWMS, after which AWMS refreshes DNS lookup. Select a time duration from the
drop-down menu. Options are as follows:
1 hour
2 hours
4 hours
12 hours
24 hours
AP Troubleshooting
Hint
N/A The message included in this field is displaye
upstream device is up. This applies to all APs and controllers but not to routers and
d along with the Down if a device’s
switches.
4. On the AMP Set
up > General page, locate the Configuration Options section and adjust settings as
required. The settings in this field configure whether certain changes can be pushed to devices in Monitor
Only mode. Table 10 describes the settings and default
values of this section.
Table 10 AMP Setup > General > Configuration Options Section Fields and Default Values
Setting Default Description
Guest User Configuration Disabled Enables or prevents guest users to/from pushing configurations to devices.
Options are Disabled (default), Enabled for Devices in Manage (Read/
Write), Enabled for all Devices.
42 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Table 10 AMP Setup > General > Configuration Options Section Fields and Default Values
Setting Default Description
Allow WMS offload
configuration in monitoronly mode
Desire all global Aruba
Configuration
No When Yes is selected, you can enable the Dell PowerConnect W WMS
offload feature on the Groups > Basic page for WLAN switches in Monitor
Only mode. Enabling WMS offload does not cause a controller to reboot.
This option is supported only for Aruba Networks and Dell PowerConnect W
devices.
No Allows AWMS to retain
profiles. You can define profiles on a WLAN switch but it is not necessary to
reference them from a virtual AP configuration or other component of Dell
PowerConnect W Configuration. Normally AWMS deletes unreferenced
profiles, but this setting retains them when enabled with Yes .
NOTE: If this setting is enabled with Ye
controllers. In this case, you cannot have different configurations for
different controllers.
unused Dell PowerConnect W OS configuration
s, then all profiles are pushed to all
5. On the AMP Setup > General page, locate the External Logging section and adjust settings as required. Use
this section to configure AWMS to send audit and system events to an external syslog server. Table 11
describes these settings and default values.
Table 11 AMP Setup > General > External Syslog Section Fields and Default Values
Setting Default Description
Syslog Server N/A Enter the IP address of the Syslog server.
Syslog Port N/A Enter the port of the Syslog server.
Include event log messages No Select Ye s to send event log messages to an external syslog server.
Event log facility local1 Select the facility for the event
Include audit log messages No Select Ye
Audit log facility local1 Select the facility for the audit lo
6. On the A
MP Setup > General page, locate the Historical Data Retention section and specify the number of
s to send audit log messages to an external syslog server.
log from the drop-down menu.
g from the drop-down menu.
days you wish to keep client session records and rogue discovery events. Table 12 describes the settings and
default values of this section. Many settin
gs can be set to have no expiration date, such that the information
will remain in the AWMS indefinitely, as noted.
Table 12 AMP Setup > General > Historical Data Retention Fields and Default Values
Setting Default Description
Inactive User Data
(2-1500 days)
User Association History
(2-55
0 days)
60 Defines the number of days AWMS stores basic information about inactive users.
Aruba recommends a shorter setting of 60 days for customers with high user turnover
such as hotels or convention centers. The longer you store inactive user data, the
more hard disk space you require.
14 Defines the number of days AWMS stores client session records. The longer you
store client session records, the more hard disk space you require.
Tag History
(2-550 days)
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 43
14 Sets the number of days AWMS retains loc
ation history for Wi-Fi tags.
Table 12 AMP Setup > General > Historical Data Retention Fields and Default Values (Continued)
Setting Default Description
Rogue AP Discovery
Events
(2-550 days)
Reports
(2-550 days)
Automatically
Acknowledged Alerts
(0-550 days, zero
d
isables)
Acknowledged Alerts
(2-550 days)
Traps from managed
d
evices
(0-550 days, zero
d
isables)
Archived Device
Configurations
(1-100)
Guest Users
(0-550 days, zero
d
isables)
Closed Helpdesk
Incidents
(0-550 days, zero
d
isables)
14 Defines the number of days AWMS stores Rogue Discovery Events. The longer you
store discovery event records, the more hard disk space you require.
60 Defines the number of days AWMS stores Reports.
1000, can cause the Reports > List page to be slow to respond.
14 Defines automatically acknowledged alerts as the number of days AWMS retains
60 Defines the number of days AWMS retains information about acknowledged alerts.
14 Defines the number of days AWMS retains
10 Sets the number of archived configurations
30 Sets the number of days that AWMS is to su
30 Sets the number of days that AWMS is to retain records of closed Helpdesk incidents
alerts that have been automatically acknowledged. Setting this value to 0 disables this
function, and alerts will never expire or be deleted from the AWMS database.
Large numbers of Alerts, over 2000, can cause the System > Alerts page to be slow to
respond.
information about SNMP traps from
Managed Devices. Setting this value to 0 disables this function, and the trap
information will never expire or be deleted from the AWMS database.
0 disables this function, and guest users will never expire or be deleted from the
AWMS database.
once closed. Setting this value to 0 disables this function, and Helpdesk information
will never expire or be deleted from the AWMS database.
Large numbers of reports, over
to retain for each device.
pport any guest user. Setting this value to
Inactive SSIDs
(0-550 days, zero
isables)
d
Inactive Interfaces (0550
days, zero disables)
Interface Status History
(0-550 days, zero
d
isables)
425 Sets the number of days AWMS retains histor
client on a specific SSID. Setting this value to 0 disables this function, and inactive
SSIDs will never expire or be deleted from the AWMS database.
425 Sets the number of days AWMS retains inactive interface information after the
interface has been removed or deleted from the device. Setting this value to 0
disables this function, and inactive interface information will never expire or be
deleted from the AWMS database.
425 Sets the number of days AWMS retains histor
Setting this value to 0 disables this function.
ical information after AWMS last saw a
ical information on interface status.
7. On the AMP Setup > General page, locate the Default Firmware Upgrade Options section and adjust
settings as required. This section allows you to configure the default firmware upgrade behavior for AWMS.
Table 13 describes the settings and defaul
t values of this section.
Table 13 AMP Setup > General > Default Firmware Upgrade Options Fields and Default Values
Setting Default Description
Allow Firmware
upgrades in Monitor
Only mode
No If yes is
AWMS upgrades the firmware in this mode, the desired configuration are not be pushed
to AWMS. Only the firmware is applied. The firmware upgrade may result in
configuration changes. AWMS does not correct those changes when the AP is in
Monitor Only mode.
selected, AWMS upgrades the firmware for APs in Monitor Only mode. When
Simultaneous Jobs (1-
20)
44 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
20 Defines the number of jobs AWMS runs at the same time
. A job can include multiple APs.
Table 13 AMP Setup > General > Default Firmware Upgrade Options Fields and Default Values
Setting Default Description
Simultaneous Devices
per Job
(1-1000)
Failures Before
Stopping (0-20)
20 Defines the number of devices that can be in the process of upgrading at the same time.
AWMS only runs one TFTP transfer at a time. As soon as the transfer to a device has
completed, the next transfer begins, even if the first device is still in the process of
rebooting or verifying configuration.
1 Sets the default number of upgrade failures before AW
User intervention is required to resume the upgrade process. Setting this value to 0
disables this function.
MS pauses the upgrade process.
8. On the AMP Setup > General page, locate the Additional AMP Services section, and adjust settings as
required. Table 14 describes the settings and default values of this section.
Table 14 AMP Setup > General > Additional AMP Services Fields and Default Values
Setting Default Description
Enable FTP Server No Enables or disables the FTP server on AMP. The FTP server is only used to manage Cisco
Aironet 4800 APs. Aruba recommends disabling the FTP server if you do not have any
Cisco Aironet 4800 APs in the network.
Enable RTLS Collector No Enables or disables the RTLS Collecto
RTLS packets to VisualRF. The RTLS server IP address must be configured on each
controller. This function is used for VisualRF to improve location accuracy and to locate
chirping asset tags. This function is supported only for Dell PowerConnect W and Aruba
devices.
With selection of Ye
RTLS Port—Specify the port for the RTLS server.
RTLS Username—Enter the user name supported by the RTLS server.
RTLS Password—Enter the RTLS server password.
s, the following additional fields appear:
r, which is used to allow AOS controllers to send
Use Embedded Mail
Server
Process User Roaming
T
raps from Cisco WLC
Enable AMON data
c
ollection
9. On the AMP Set
Yes Enables or disables the embedded mail
This field supports a Send T
button prompts you with a To and From field in which you must enter valid email
addresses, and a button to send a test email.
Yes AMP now parses client association and authentication traps from Cisco WLC controllers
to give real time information on users connected to the wireless network.
Yes Allows AMP to collect enhanced data from Aruba devices on certain firmware versions;
see the Aruba Best Practices Guide for more details.
est Email button for testing server functionality. Clicking this
up > General page, locate the Performance Tuning section. Performance tuning is unlikely
server that is included with AWMS.
to be necessary for many AWMS implementations, and likely provides the most improvements for customers
with extremely large Pro or Enterprise installations. Please contact Dell support if you think you might need to
change any of these settings. Table 15 describes the settings and default values of this section.
Table 15 AMP Setup > General > Performance Tuning Fields and Default Values
Setting Default Description
Monitoring
Processes
Based on the number
of cores for your
server
Optional setting configures the throughput of monitoring data. Increasing this
setting allows AWMS to process more data per second, but it can take
resources away from other AWMS processes. Please contact Dell support if
you think you might need to increase this setting for your network.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 45
Table 15 AMP Setup > General > Performance Tuning Fields and Default Values (Continued)
Setting Default Description
Maximum Number of
Configuration
Processes
Maximum Number of
Audit Processes
Verbose Logging of
SNMP Config
SNMP Rate Limiting
for Monitored
Devices
RAPIDS Processing
Pri
ority
uration
5 Increases the number of processes that are pushing configurations to your
devices, as an option. The optimal setting for your network depends on the
resources available, especially RAM. Please contact Dell support if you think
you might need to increase this setting for your network.
3 Increases the number of processes that aud
No Enables or disables logging detailed records of SNMP configuration
No Enables or disables a maximum bandwidth consumption threshold for each port
Low Defines the processing and system resource priority for RAPIDS in relation to
as an option. The optimal setting for your network depends on the resources
available, especially RAM. Contact Dell support if you are considering
increasing this setting for your network.
information.
for monitored devices. This setting prevents unnecessary SNMP traffic from
compromising device performance. Aruba recommends enabling this setting
when monitoring Aruba controllers.
AWMS as a whole.
When AWMS is processing data at or near its maximum capacity, reducing the
priority of RAPIDS can ensure that processing of other data (such as client
connections and bandwidth) are not adversely impacted.
The default priority is Low. Y
changing group poll periods.
ou can also tune your system performance by
it configurations for your devices,
10. Click Save when the General Server settings are complete and whenever making subsequent changes.
What Next?
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
46 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Defining AWMS Network Settings
The next step in configuring AWMS is to confirm the AMP network settings. Define these settings by navigating
to the AMP Setup > Network page. Figure 19 illustrates the contents of this page.
Figure 19 AMP Se
Perform the following steps to def
1. Locate the Primary and Secondary Networ
tup > Network Page Illustration
ine the AWMS network settings:
k Interface sections. The information in these sections should
match what you defined during initial network configuration and should not require changes. Table 16
describes the settings and default values.
Table 16 Primar
y and Secondary Network Interface Fields and Default Values
Setting Default Description
IP Address None Sets the IP address of the AWMS network interface.
This address must be static IP address.
Hostname None Sets the DNS name assigned to the AWMS ser
Subnet Mask None Sets the subnet mask for the AW
Gateway None Sets the default gateway for the AW
Primary DNS IP None Sets the primary DNS IP address for the AWMS n
Secondary DNS IP None Sets the secondary DNS IP address for the AW
Secondary Network
Interface
2. On the AMP Setu
No Select Yes to enable a secondary network interfac
address and subnet mask.
p > Network page, locate the Network Time Protocol (NTP) section. The Network Time
MS primary network interface.
MS network interface.
ver.
etwork interface.
MS network interface.
e. You must also define the IP
Protocol is used to synchronize the time between AWMS and your network reference NTP server. NTP servers
synchronize with external reference time sources, such as satellites, radios, or modems.
Note: Specifying NTP servers is optional. NTP servers synchronize the time on the AWMS server, not on individual access points.
Secondary network interface options may include multiple telnet terminal configurations, DHCP/BOOTP auto-configuration, time
zone offsets, daylight savings time, and NTP addressing modes such as unicast, broadcast, and multicast. Secondary NTP
information is only supported on AWMS that have multiple interfaces.
To disable NTP services, cl
ear both the Primary and Secondary NTP server fields. Any problem related to
communication between AWMS and the NTP servers creates an entry in the event log.
Table 17 describes the settings and defaul
t values in more detail.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 47
Table 17 AMP Setu
p > Network > Secondary Network Fields and Default Values
Setting Default Description
Primary ntp1.yourdomain.com Sets the IP address or DNS name for the primary Network Time Protocol
Secondary ntp2.yourdomain.com Sets the IP address or DNS name for the secondary Network Time Protocol
server.
server.
3. On the AMP Setup > Network page, locate the Static Routes area. This section displays network, subnet
mask, and gateway settings that you have defined elsewhere from a command-line interface.
Note: This section does not enable you to configure new routes or remove existing routes.
4. Click Save when you
have completed all changes on the AMP Setup > Network page, or click Revert to return
to the last settings. Clicking Save restarts any affected services and may disrupt temporarily your network
connection.
What Next?
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
Creating AWMS Users
AWMS installs with only one AMP user—the administrator or admin user. The admin user has these parameters
authorizations within AWMS:
The admin user is able to define additional users with varying levels of privilege, be it manage read/write or
monitoring.
The admin user can limit the viewable devices as well as the type of access a user has to the devices.
For each general user that you
password when logging into AWMS. It is helpful to use unique and meaningful user names as they are recorded
in the log files when you or other users make changes in AWMS.
Note: Username and password are not required if you configure AWMS to use RADIUS or TACACS authentication. You do not
need to add individual users to the AWMS server if you use RADIUS or TACACS authentication.
The user rol
e defines the user type, access level, and the top folder for that user. User roles are defined on the
AMP Setup > Roles page. Refer to the next procedure in this chapter for additional information, “Creating
AWMS User Roles” on page50.
The admin user can provide optional additional information about
address, phone number, and so forth.
add, you define a Username, Password and a Role. You use the username and
the user including the user's real name, email
Perform the following steps to display, add,
edit, or delete AWMS users of any privilege level. You must be an
admin user to complete these steps.
48 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
1. Navigate to the AMP Setup > Users page. This page displays all users currently configured in AWMS. Figure
20 illustrates the contents and layout of this page.
Figure 20 AMP Setup >
2. Click Add
to create a new user, click the pencil icon to edit an existing user, or select a user and click Delete to
Users Page Illustration
remove that user from AWMS. When you click Add or the edit icon, the Add User page appears, illustrated in
Figure 21.
Figure 21 AMP Setu
p > Users > Add/Edit User Page Illustration
3. Enter or edit the settings on
Table 18 AMP Setup >
this page. Table 18 describes these settings in additional detail.
User > Add/Edit User Fields and Default Values
Setting Default Description
Username None Sets the username as an alphanumeric string. The Username is used when logging in to
AWMS and appears in AWMS log files.
Role None Specifies the User Role that defines the Top viewable folder, type and access level of the user
specified in the previous field.
The admin
system is assigned to a role.
Password None Sets the password for the user being created or edited. Enter an alphan
spaces, and enter the password again in the Confirm Password field.
Because the default user's password
that your change this password. Aruba strongly recommends that you immediately change
the default AWMS "admin" password for admin users.
Name None Allows you to define an optional and alphanumeric text field
actual name.
Email Address None Allows you to specify a specific email address tha
pages in AWMS for that user, including reports, triggers, and alerts.
Phone None Allows you to enter an optional phone number for the user.
user defines user roles on the AMP Setup > Roles page, and each user in the
umeric string without
is identical to the name, Aruba strongly recommends
that takes note of the user's
t will propagate throughout many additional
Notes None Enables you to cite any additional notes about
granted access, the user's department, or job title.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 49
the user, including the reason they were
4. Click Add to create the new user, click Save to retain changes to an existing user, or click Cancel to cancel out
of this screen. The user information you have configured appears on the AMP Setup > Users page and the
user propagates to all additional AWMS pages and functions relevant to that user.
Note: AWMS enables user roles to be created with access to folders within multiple branches of the overall hierarchy. This
feature assists non-administrator users who support a subset of accounts or sites within a single AWMS deployment, such as help
desk or IT staff.
In prior AWMS versions, user roles could be assigned only to a single
example. User roles can now be restricted to multiple folders within the overall hierarchy, even if they do not share the same toplevel folder. Non-administrator users are only able to see data and users for devices within their assigned subset of folders.
top folder, such as "West Coast" or "European Stores", for
What Next?
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
Creating AWMS User Roles
The AMP Setup > Roles page defines the viewable devices, the operations that can be performed on devices, and
general AWMS access. VisualRF uses the same user roles as defined for AWMS—users can see floor plans that
contain an AP to which they have access in AWMS, although only visible APs appear on the floor plan.
Users can also see any building that contai
ns a visible floor plan, and any campus that contains a visible building.
When a new role is added to AWMS, VisualRF must be restarted for the new user to be enabled. Refer to the
VisualRF User Guide for additional information.
User Roles can
be created that have access to folders within multiple branches of the overall hierarchy. This
feature assists non-administrative users, such as help desk or IT staff, who support a subset of accounts or sites
within a single AWMS deployment. In prior AWMS releases, AWMS user roles could only be assigned to a single
top folder (such as "West Coast" or "European Stores"). You can restrict user roles to multiple folders within the
overall hierarchy even if they do not share the same top-level folder. Non-admin users are only able to see data
and users for devices within their assigned subset of folders.
Perform the following steps to view, add, edit, or delete
1. Navigate to the AMP Set
up > Roles page. This page displays all roles currently configured in AWMS. Figure
user Roles:
22 illustrates the contents and layout of this page.
Figure 22 AMP Setup >
Roles Page Illustration
2. Click Ad
d to create a new role, click the pencil icon to edit an existing role, or select a role and click Delete to
remove that role from AWMS. When you click Add or the edit icon, the Add Role page appears, illustrated in
Figure 23.
50 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Figure 23 AMP Setup > Roles > Add/Edit Role Page Illustration
3. Enter or edit the settings on
As explained earlier in this section, Roles de
this page. Table 18 describes these settings in additional detail.
fine the type of user-level access, the user-level privileges, and the
view available to the user for device groups and devices in AWMS. Table 19 describes the settings and default
values of this section.
Table 19 AMP Setup >
Roles > Add/Edit Roles Fields and Default Values
Setting Default Description
Name None Sets the administrator-definable string that names the role. Aruba recommends that the
role name give an indication of the devices and groups that are viewable, as well as the
privileges granted to that role.
Enabled Ye s Disables or enables the role. Disabling a role prevents
in to AWMS.
Type AP/Device
M
anager
Defines the type of role. AWMS supports the following role types:
AMP Administrator—The AWMS Administrator has full access to AWMS and all of
the devices. The administrator can view and edit all settings and all APs in AWMS.
Only the AWMS Administrator can create new Users or access the AMP Setup
page.
AP/Device Manager—AP/Device Managers have access to a limited number of
devices and groups based on the Top folder and varying levels of control based on
the Access Level.
Aruba Management Client—Defines the AWMS user. The user information defined
in AMC must match the user with the Aruba Management Client type.
Guest Access Sponsor—Limited-functionality role to allow helpdesk or reception
desk staff to grant wireless access to temporary personnel. This role only has
access to the defined top folder of APs.
all users of that role from logging
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 51
Table 19 AMP Setup > Roles > Add/Edit Roles Fields and Default Values (Continued)
Setting Default Description
AP/Device Access
Level
Top Folder None Defines the Top viewable folder for the role. The role is able to view all devices and
RAPIDS None Sets the RAPIDS privileges, which are set se
None Defines the privileges the role has over the viewable APs. AWMS supports three
privilege levels, as follows:
Manage (Read/Write)—Manage users have read/write access to the viewable
devices and Groups. They can change all AWMS settings for the devices and
Groups they can view.
Audit (Read Only)—Audit users have read only access to the viewable devices and
Groups. Audit users have access to the APs/Devices > Audit page, which may
contain sensitive information including AP passwords.
Monitor (Read Only)—Monitor users have read-only access to devices and groups.
Monitor users cannot view the APs/Devices > Audit page which may contain
sensitive information, including AP passwords. Monitor-only users also have readonly access to VisualRF.
groups contained by the Top folder. The top folder and its subfolders must contain all of
the devices in any of the groups it can view.
NOTE: A
WMS enables user roles to be created with access to folders within multiple
branches of the overall hierarchy. This feature assists non-administrator users who
support a subset of accounts or sites within a single AWMS deployment, such as help
desk or IT staff.
Prior to Version 6.3, AWMS user roles could be
as "West Coast" or "European Stores", for example. User roles can now be restricted to
multiple folders within the overall hierarchy, even if they do not share the same top-level
folder. Non-administrator users are only able to see data and users for devices within
their assigned subset of folders.
specifies the RAPIDS privileges for the role, and options are as follows:
None—Cannot view the RAPIDS tab or any Rogue APs.
Read Only—The user can view the RAPIDS pages but cannot make any changes to
rogue APs or perform OS scans.
Read/Write—The user may ignore, delete, override scores and perform OS scans.
assigned only to a single top folder, such
parately from the APs/Devices. This field
Helpdesk No Sets the role to support helpdesk users, with parameters that are spec
helpdesk personnel supporting users on a wireless network.
Enable Adobe Flash Yes Enables the Adobe Flash application for all users
Guest User
Preferences
Allow
accounts
with no
expiration
Flash supports dynamic graphics on the Home > Overview page, VisualRF, Quickview
functions, and additional AWMS pages.
NOTE: This field is only visible if a
this option is hidden and flash is enabled for all users.
AMPAdministrators can configure AP/Device Manager roles with read/write access to
allow guest user accounts with no expiration, allow a sponsor to change the
sponsorship name, and print a custom message with the guest user badge.
specific flag is set in the AWMS database. By default
who are assigned this role. Adobe
ific to the needs of
What Next?
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
Enabling AWMS to Manage Your Devices
Once AWMS is installed and active on the network, the next task is to define the basic settings that allow AWMS
to communicate with and manage your devices. Device-specific firmware files are often required or are highly
desirable. Furthermore, the use of Web Auth bundles is advantageous for deployment of Cisco Airespace/WLC
wireless LAN controllers when they are present on the network.
52 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
This section contains the following procedures:
Configuring Communication Settings for Discovered Devices
Loading Device Firmware onto AWMS (Optional)
Overview of the Device Setup > Upload Files Page
Loading Firmware Files to AWMS
Overview of the Device Setup > Upload Files Page
Loading Firmware Files to AWMS
Using Web Auth Bundles in AWMS
Configuring Communication Settings for Discovered Devices
To configure AWMS to communicate with your devices, to define the default shared secrets, and to set SNMP
polling information, navigate to the Device Setup > Communication page, illustrated in Figure 24.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 53
Figure 24 Device Setup > Communication Page Illustration
Perform the following steps to define the default credentials and SNMP
1. On the Devic
e Setup > Communication page, locate the Default Credentials area. Enter the credentials for
settings for the wireless network.
each device model on your network. The default credentials are assigned to all newly discovered APs.
54 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
The Edit button edits the default credentials for newly discovered devices. To modify the credentials for
existing devices, use the APs/Devices > Manage page or the Modify Devices link on the APs/Devices > List
page.
Note: Community strings and shared secrets must have read-write access for AWMS to configure the devices. Without read-write
access, AWMS may be able to monitor the devices but cannot apply any configuration changes.
2. Browse to the Device Setup
> Communication page, locate the SNMP Settings area, and enter or revise the
following information. Table 20 lists the settings and default values.
Table 20 Device Setup > Communication > SNMP Settings Fields and Default Values
Setting Default Description
SNMP
Timeout
SNMP Retries 3 Sets the number of times AWMS tries to poll a device when it does not receive a
3. On the Device Setup > Communication page, locate the SNMP v3 Informs section. Click Add New SNMP
v3 User button to reveal an SNMP v3 User configuration section. AMP users will need to configure all v3 users
that are configured on the controller; SNMP traps will be restarted when users are changed or added to the
controller.
Username - Username of the SNMP v3 user as configured on the controller. There is no default username.
Auth Protocol - Can be MD5 or SHA. The default setting is SHA.
Auth and Priv Passphrases - Enter the auth and priv passphrases for the user as configured on the
controller. There is no default passphrase.
Priv Protocol - Can be DES or AES. The default setting is DES.
4. On the Device Setu
adjust the default value for the field in this section. Table 21 lists the setting and default value.
3 Sets the time, in seconds, that AWMS waits for a response from a device after
sending an SNMP request.
response within the SNMP Timeout period. If AWMS does not receive an SNMP
response from the device after the specified number of retries, AWMS classifies that
device as Down.
p > Communication page, locate the Telnet/SSH Settings section, and complete or
Table 21 Telnet/SSH Settings Fields and Default Values
Setting Default Description
Telnet/SSH Timeout
(3-120 sec)
5. On the
Device Setup > Communication page, locate the HTTP Discovery Settings section. Complete or
revise the default values for the settings in this section. Table 22 lists these settings and default values.
Table 22 HTTP Discovery Settings Fields and Default Values
10 Sets the timeout period in seconds used when performing Telnet and SSH
commands.
Setting Default Description
HTTP Timeout
(3-120 sec)
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 55
5 Sets the timeout period in seconds used when running an HTTP discovery scan.
6. On the Device Setup > Communication page, locate the ICMP Settings section. Complete the settings or
revise the default values as required. Table 23 itemizes the setting and defaul
t value of this section.
Table 23 Device Set
up > Communication > ICMP Settings Fields and Default Values
Setting Default Description
Attempt to
ping down
devices
7. On the Dev
need to provide this information if you use Colubris APs on your network. Select one of the options listed.
Figure 25 illustrates this section and Table 24 explains related fields.
Figure 25 Device Setup > C
Yes Enables a function that applies when an AP is unreachable over SNMP.
When Yes is selected, this option has AWMS attempt to ping the AP device.
Select No if performance is affected in negative fashion by this function. If a large number of
APs are unreachable by ICMP, likely to occur where there is in excess of 100 APs, the timeouts
start to impede network performance.
NOTE: If
numerous ping requests.
ICMP is disabled on the network, select No to avoid the performance penalty caused by
ice Setup > Communication page, locate the Colubris Administration Options section You only
ommunication > Colubris Administration Options Section Illustration
Table 24 Colubris Administration Options Fields and Default Values
Setting Default Description
Do not modify
security/HTTPS
settings
Replace existing
u
ser with specified
user
New Colubris
Username and
Pass
word
8. On the Device Setu
section. You only need to provide this information if you use VxWorks-based Cisco APs on your network, as
follows:
Aironet 340
Aironet 350
Aironet 1200
Select one of the three options listed. Table 25 describes the settings and defaul
N/A Enables AWMS to use only an existing user account on the AP. This user account must have
all permissions set. The user accounts are defined in the Colubris Username/Password
section in the Default Secrets area.
Disabled When enabled, this setting allows you to define a new Colubris username and password on
each Colubris AP.
N/A Specifies the username and password to be used only if the option Replace existing user with
specified user is selected.
p > Communication page, locate the Cisco Aironet VxWorks User Creation Options
t values of this section.
56 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Table 25 Cisc
o Aironet VxWorks User Creation Options Fields and Default Values
Setting Default Description
Do Not Modify
Security/SNMP
Settings
Create and Use
Specified User
N/A Enables AWMS using only an existing user account on the AP, as defined in the Cisco
N/A Enables AWMS to create a new user account, specified below, on each AP, with all
VxWorks Username/Password section in the Default Secrets area. This user account must
have all permissions set.
p
ermissions enabled.
9. On the Device Setup > Communication page, locate the Symbol 4131/Intel 2011b and Cisco Aironet IOS
SNMP Initialization area. You only need to provide this information if you use Symbol 4131, Intel 2011b, or
Cisco Aironet IOS access points. Select one of the options listed. Table 26 describes the settings and default
values.
Table 26 Device Setup > Communications Fields and Default Values
Setting Default Description
Do Not Modify SNMP Settings Ye s When selected, specifies that AWMS not modify any SNMP settings. If
Enable Read-Write SNMP No When selected, and when on networks where the Symbol, Intel, and Cisco
SNMP is not already initialized on the Symbol, Intel, and Cisco IOS APs,
AWMS is not able to manage them.
IOS APs do not
devices can be managed by AWMS.
have SNMP initialized, this setting enables SNMP so the
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 57
Loading Device Firmware onto AWMS (Optional)
Overview of the Device Setup > Upload Files Page
AWMS enables automated firmware distribution to the devices on your network. Once you have downloaded the
firmware files from the vendor, you can upload this firmware to AWMS for distribution to devices via the Device
Setup > Upload Files page.
Figure 26 illustrates the Upload File
page also enables you to add new firmware fil
The following additional
Firmware files uploaded to AWMS on this Upload File page appear as options in the drop-down menus on
pages support firmware file information:
s page, which lists all firmware files on AWMS with file information. This
es, to delete firmware files, and to add New Web Auth Bundle files.
the Group > Firmware page and on individual AP/Device > Manage pages. These firmware files can be
applied automatically to devices through AWMS.
Use the AMP Setup page to configure AWMS-wide default firmware options.
Figure 26 De
vice Setup > Upload Files Page Illustration
Table 27 below itemizes the contents, settings,
Table 27 Device Setup > U
pload Files Fields and Default Values
and default values for the Upload Files page.
Setting Default Description
Type None Displays a drop-down list of the primary AP makes and models that AWMS supports with
Owner Role None Displays the user role that uploaded the firmware file. This is
Description None Displays a user-configurable text descr
Server Protocol None Displays the file transfer protocol by which the firmware file was obta
Use Group File
Server
Firmware Filename None Displays the name of the file that was uploaded to AWMS and to be transferred to an AP
Firmware Version None Displays the firmware version number. Th
58 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
None Displays the name of the file server supporting the group.
automated firmware distribution.
file when an upgrade is attempted.
when
the file is used in an upgrade.
the role that has access to the
iption of the firmware file.
ined from the server.
is is a user-configurable field.
Table 27 Device Setup > Upload Files Fields and Default Values (Continued)
Setting Default Description
Firmware MD5
Checksum
Firmware File Size None Displays the size of the firm
HTML Filename None Supporting HTML, displays the name of the file that wa
HTML Version None Supporting HTML, displays the version of HTM
HTML MD5
Checksum
HTML File Size None Supporting HTML, displays the size of the file in bytes.
Desired Firmware
File for
Specified
Groups
None Displays the MD5 checksum of the file after it was uploaded to AWMS. The MD5 checksum
is used to verify that the file was uploaded to AWMS without issue. The checksum should
match the checksum of the file before it was uploaded.
ware file in bytes.
transferred to an AP when the file is used in an upgrade.
L used for file transfer.
None Supporting HTML, displays the MD5 checksum of the
The MD5 checksum is used to verify that the file was uploaded to AWMS without issue.
The checksum should match the checksum of the file before it was uploaded.
None The firmware file is set as the desired firmware version on the Groups > Firmware Files
page of the specified groups. You cannot delete a firmware file that is set as the desired
firmware version for a group.
Loading Firmware Files to AWMS
Perform the following steps to load a device firmware file onto AWMS.
1. Browse to the D
2. From the U
illustrates this page.
evice Setup > Upload Files page.
pload Files page, click the Add button. The Add Firmware File dialog box appears. Figure 27
s uploaded to AWMS and to be
file after it was uploaded to AWMS.
Figure 27 Device Setup > U
3. Click the Supported Firmware
Note: Unsupported and untested firmware may cause device mismatches and other problems. Please contact Dell support before
installing non-certified firmware.
4. Enter the appropriate info
pload Files > Add New Firmware Page Illustration
Versions and Features link to view a list of supported firmware versions.
rmation and click the Add button. The file uploads to AWMS and once complete,
this file appears on the Device Setup > Upload Files page. This file also appears on additional pages that
display firmware files (such as the Group > Firmware page and on individual AP/Device > Manage pages).
5. You can also import a CSV list of groups and t
heir external TFTP firmware servers.
Table 28 itemizes the settings of this page.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 59
Table 28 Su
pported Firmware Versions and Features Fields and Default Values
Setting Default Description
Type None Indicates the firmware file is used with the specified type. If you select an IOS device
Firmware Version None Provides a user-configurable field to spe
Description None Provides a user-configurable text description of the firmware file.
Upload firmware files
(and use
firmware)
Use an external
fi
Use Group File Server Disabled
TFTP Server IP None Provides the IP address of the External TFTP Server
built-in
rmware file server
Built-in Selects the TFTP server that access points use to download their firmware. The built-in
N/A You can also choose to assign the external TFTP server on a per-group basis. If you
(not
selected
from the Type drop-down menu, you have the option of choosing a server protocol of
TFTP or FTP. If you choose FTP you may notice that the firmware files are pushed to the
device more quickly.
With selection of some T
software version.
TFTP server is recommended.
If you choose to use an external TFTP server, enter the File Server IP Address and the
Firmware Filename.
select this option, you must enter the IP address on the Groups > Firmware page.
Complete the Firmware File Server IP Address field.
NOTE: With selection of
that lets you select which protocol to use, and this varies from device to device. If you
select FTP, AWMS uses an anonymous user for file upload.
If you opt to use an external firmware file server, this additional option appears. This
setting instructs AWMS to use the server that is associated with the group instead of
)
defining a server.
firmware upgrade. This option displays when the user selects Use a Different TFTP
server option.
ypes, particularly Cisco controllers, you can specify the boot
cify the firmware version number.
some Types, you are prompted with the Server Protocol field
(like SolarWinds) that is used for the
Firmware Filename None Enter the filename of the firmware file
firmware file is in the TFTP root directory.
Click the Brow
your network.
Note: Additional fields may appear for multiple device types. AWMS prompts you for additional firmware information as required.
For example, Intel and Symbol distribute their firmware in two separate files: an image file and an HTML file. Both files must be
uploaded to AWMS for the firmware to be distributed successfully via AWMS.
se button to locate the appropriate Intel or Symbol HTML firmware file on
that needs to be uploaded. Ensure that the
6. Click Add to import the firmware file.
7. To delete a firmware file that has already been
uploaded to AWMS, return to the File Upload page, select the
checkbox for the firmware file and click Delete.
Note: A firmware file may not be deleted if it is the desired version for a group. Use the Group > Firmware page to investigate this
potential setting and status.
Using Web Auth Bundles in AWMS
Web authentication bundles are configuration files that support Cisco Airespace/WLC wireless LAN controllers.
This procedure requires that you have local or network access to a Web Auth configuration file for Cisco
Airespace/WLC devices.
Perform these steps to add or edit Web Auth bundles in AWMS.
60 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
1. Navigate to the Device Setup > Upload Files page. This page displays any existing Web Auth bundles that
are currently configured in AWMS, and allows you to add or delete Web Auth bundles.
2. Scroll to the bottom of the page. Click Add New Web Auth
Bundle to create a new Web Auth bundle, or click
the pencil icon next to an existing bundle to edit. You may also delete Web Auth bundles by selecting that
bundle with the checkbox, and clicking Delete.
When you add or edit a Web Auth bundle, the Web Auth
Figure 28 Ad
d Web Auth Bundle Page Illustration
3. Enter a descriptive label in the description field. This
Bundle page appears, as illustrated in Figure 28.
is the label by which you identify and track Web Auth
bundles on the Device Setup > Upload Files page once they are present in AWMS.
4. Enter the path and filename of the Web
Auth configuration file in the Web Auth Bundle field. Click Browse
to locate the file with the browsing method, as required.
5. Click Add to complete the Web
Auth bundle creation, or click Save if replacing a previous Web Auth
configuration file, or click Cancel to abort the Web Auth integration.
6. The Device Setup > Upload
For additional information and a case study that illustrates the use
files page displays your changes.
of Web Auth bundles with Cisco Airespace/
WLC controllers, refer to the following document on Cisco.com:
Wireless LAN controller Web Authentication Configuration Example, Document ID: 69340
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_con
figuration_example09186a008067489f.shtml
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 61
Configuring TACACS+ and RADIUS Authentication
As an optional configuration, you can set AWMS to use an external user database to simplify password
management for AWMS administrators and users. This section contains the following procedures:
Configuring TACACS+ Authentication
Configuring RADIUS Authentication and Authorization
Integrating a RADIUS Accounting Server
Configuring TACACS+ Authentication
For TACACS+ capability, you must configure the IP/Hostname of the TACACS+ server, the TCP port, and the
server shared secret. This TACACS+ configuration is for AWMS users, and does not affect APs or users logging
into APs. Perform these steps to configure TACACS+ authentication:
1. Navigate to the AMP Setup > Aut
29 illustrates this page when neit
Figure 29 AMP Setu
p > Authentication Page Illustration
her TACACS+ nor RADIUS authentication is enabled in AWMS.
hentication page. This page displays current status of TACACS+. Figure
2. Click No to
disable or Yes to enable TACACS+ authentication. If you click Yes, several new fields appear.
Complete the fields described in Table 29.
Table 29 AMP Setu
p > Authentication Fields and Default Values
Field Default Description
Primary Server
Hostname/IP Address
Primary Server Port 1812 Enter the port for the primary TACACS+ server.
Primary Server Secret N/A Specify the primary shared secret for the primary TACACS+ server, and confirm in
Secondary Server
Hostname/IP Address
62 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
N/A Enter the IP address or the hostname of the primary TACACS+ server.
the Confirm field.
N/A Enter the IP address or the hostname of the secondary TACACS+ server.
Table 29 AMP Setup > Authentication Fields and Default Values (Continued)
Field Default Description
Secondary Server Port 1812 Enter the port for the secondary TACACS+ server.
Secondary Server Secret N/A Enter the shared secret for the secondary TACACS+ server.
3. Click Save to retain these configurations, and continue with additional steps.
4. To configure Cisco ACS to work with AWMS, you
the ACS server.
The AMP https service is added to the TACACS+ (Cisco) interface under the Interface Configuration
tab.
Select a checkbox for a new service.
Enter AMP in the service column and https in the protocol column.
Click Save.
5. Edit the existing groups or users in TACACS to use the
The role defined on the Group Setup page in ACS must match the exact name of the role defined on the
AMP Setup > Roles page.
The defined role should use the following format: role=<name_of_AMP_role>. One example is as
follows:
must define a new service named AMP that uses https on
“AMP service” and define a role for the group or user.
role=DormMonitoring
As with routers and switches, AWMS does not need to know usernames.
6. AWMS also needs to be confi
On the Network Configuration page, click Add Entry to add an AAA client.
Enter the IP address of AWMS as the AAA Client IP Address.
The secret should be the same value that was entered on the AMP Setup > TACACS+ page.
7. Select TACACS+ (Cisco I
Note: AWMS checks the local username and password store before checking with the TACACS+ server. If the user is found
locally, the local password and local role apply. When using TACAS+, it is not necessary or recommended to define users on the
AWMS server. The only recommended user is the backup administrator, in the event that the TACAS+ server goes down.
gured as an AAA client.
OS) in the Authenticate Using drop down menu and click submit + restart.
What Next?
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 63
Configuring RADIUS Authentication and Authorization
For RADIUS capability, you must configure the IP/Hostname of the RADIUS server, the TCP port, and the
server shared secret. Perform these steps to configuration RADIUS authentication:
1. Navigate to the AMP Setup > Aut
hentication page. This page displays current status of RADIUS. Figure 30
illustrates this page when neither TACACS+ nor RADIUS
Figure 30
AMP Setup > Authentication Page Illustration
authentication is enabled in AWMS.
2. Click No to
disable or Yes to enable TACACS+ nor RADIUS authentication. If you click Yes, several new
fields appear. Complete the fields described in Table 30.
Table 30 AMP Setu
p > Authentication Fields and Default Values
Field Default Description
Primary Server
Hostname/IP Address
Primary Server Port 49 Enter the TCP port for the primary RADIUS server.
Primary Server Secret N/A Specify the primary shared secret for the primary RADIUS se
Secondary Server
Hostname/IP Address
Secondary Server Port 49 Enter the TCP port for the secondary RADIUS server.
Secondary Server Secret N/A Enter the shared secret for the secondary RADIUS server.
3. Click Save to retain th
N/A Enter the IP address or the hostname of the primary RADIUS server.
the Confirm field.
N/A Enter the IP address or the hostname of the secondary
RADIUS server.
ese configurations, and continue with additional steps in the next procedure.
rver, and confirm in
64 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Integrating a RADIUS Accounting Server
Note: AWMS checks the local username and password store before checking with the RADIUS server. If the user is found locally,
the local password and local role apply. When using RADIUS, it is not necessary or recommended to define users on the AWMS
server. The only recommended user is the backup administrator, in the event that the RADIUS server goes down.
As an optional configuration, AWMS supports RADIUS server accounting. Use the AMP Setup > RADIUS
Accounting page enables this configuration. This capability is not required for basic AWMS operation, but can
increase the user-friendliness of AWMS administration in large networks. Figure 31 illustrates the settings of this
optional configuration interface.
Perform the following steps and configurations to enable
RADIUS server. Figure 31 illustrates the display of RADIUS accounting cl
illustrates the Add RADIU
Figure 31 AMP Setu
Figure 32
AMP Setup > RADIUS > Add RADIUS Accounting Client Page Illustration
1. To specify the RADIUS authentication
S Accounting Client page.
p > RADIUS Accounting Page Illustration
server or network, browse to the AMP Setup > RADIUS Accounting
AWMS to receive accounting records from a separate
ients already configured, and Figure 32
page and click Add, illustrated in Figure 32, and provide the information described in Table 31.
Table 31 AMP Setup > Radius Accounting Fields and Default Values
Setting Default Description
Nickname None Sets a user-defined name for the authentication server.
IP/Network None Cites the IP address or DNS Hostname for the authen
packets from one device. To accept packets from an entire network enter the IP/Netmask of
the network (for example, 10.51.0.0/24).
(Confirm) Shared
Secret
None Sets the Shared Secret that is used to establish communication between
RADIUS authentication server.
tication server if you only want to accept
AWMS and the
2. Click Add.
What Next?
For additional information about configuring WLAN Gateways or WLAN controllers such as BlueSocket,
ReefEdge, or ProCurve wireless gateways, refer to “Third-Party Security Integration for AWMS” on page305.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 65
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
Configuring Cisco WLSE and WLSE Rogue Scanning
The Cisco Wireless LAN Solution Engine (WLSE) includes rogue scanning functions that AWMS supports.
This section contains the following topics
procedures:
Introduction to Cisco WLSE
Configuring WLSE Initially in AWMS
Configuring IOS APs for WDS Participation
Configuring ACS for WDS Authentication
Configuring Cisco WLSE Rogue Scanning
and procedures, and several of these sections have additional sub-
You must enter one or more CiscoWorks WLSE hosts to b
e polled for discovery of Cisco devices and rogue AP
information.
Introduction to Cisco WLSE
Cisco WLSE functions as an integral part of the Cisco Structured Wireless-Aware Network (SWAN)
architecture, which includes IOS Access Points, a Wireless Domain Service, an Access Control Server, and a
WLSE. In order for AWMS to obtain Rogue AP information from the WLSE, all SWAN components must be
properly configured. Table 32 describes these components.
Table 32 Cisco SWAN Architecture Components
SWAN Component Requirements
WDS (Wireless Domain
Services)
WLSE (Wireless LAN
Solution Eng
ine)
ACS (Access Control
Server)
WDS Name
Primary and backup IP address for WDS devices (IOS AP or WLSM)
WDS Credentials APs within WDS Group
NOTE: WDS can be either a WLSM or an IOS AP.
WLSM (WDS) can control up to 250 access
points. AP (WDS) can control up to 30 access points.
IP Address
Login
IP Address
Login
APs
APs within WDS Group
Configuring WLSE Initially in AWMS
Use the following general procedures to configure and deploy a WLSE device in AWMS:
Adding an ACS Server for WLSE
Enabling Rogue Alerts for Cisco WLSE
Configuring WLSE to Communicate with APs
Discovering Devices
Managing Devices
Inventory Reporting
Defining Access
66 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Grouping
WDS Participation
Primary or Secondary WDS
Adding an ACS Server for WLSE
1. Navigate to the Devices > Discover > AAA Server page.
2. Select Ne
3. Enter the Server Name, Se
w from the drop-down list.
rver Port (default 2002), Username, Password, and Secret.
4. Click Save.
Enabling Rogue Alerts for Cisco WLSE
1. Navigate to the Faults > Network Wide Settings > Rogue AP Detection page.
2. Select the Ena
3. Click Ap
Additional information about rogue d
ble toggle.
ply.
evice detection is available in “Configuring Cisco WLSE Rogue Scanning”
on page 69.
Configuring WLSE to Communicate with APs
1. Navigate to the Device Setup > Discover page.
2. Configure SNMP Information.
3. Configure HTTP Information.
4. Configure Telnet/SSH Credentials.
5. Configure HTTP ports for IOS access points.
6. Configure WLCCP credentials.
7. Configure AAA information.
Discovering Devices
There are three methods to discover access points within WLSE, as follows:
Using Cisco Discovery Protocol (CDP)
Importing from a file
Importing from CiscoWorks
Perform these steps to discover access points.
1. Navigate to the D
evice > Managed Devices > Discovery Wizard page.
2. Import devices from a file.
3. Import devices from Cisco Works.
4. Import using CDP.
Managing Devices
Prior to enabling radio resource management on IOS access points, the access points must be under WLSE
management.
Note: AWMS becomes the primary management/monitoring vehicle for IOS access points, but for AWMS to gather Rogue
information, the WLSE must be an NMS manager to the APs.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 67
Use these pages to make such configurations:
1. Navigate to De
vice > Discover > Advanced Options.
2. Select the method to bring APs into management Auto, or specify via filter.
Inventory Reporting
When new devices are managed, the WLSE generates an inventory report detailing the new APs. AWMS
accesses the inventory report via the SOAP API to auto-discover access points. This is an optional step to enable
another form of AP discovery in addition to AWMS' CDP, SNMP scanning, and HTTP scanning discovery for
Cisco IOS access points. Perform these steps for inventory reporting.
1. Navigate to Devices >
2. Run In
ventory executes immediately between WLSE polling cycles.
Inventory > Run Inventory.
Defining Access
AWMS requires System Admin access to WLSE. Use these pages to make these configurations.
1. Navigate to Admin
2. Configure Role and Us
istration > User Admin.
er.
Grouping
It is much easier to generate reports or faults if APs are grouped in WLSE. Use these pages to make such
configurations.
1. Navigate to D
evices > Group Management.
2. Configure Role and Us
er.
Configuring IOS APs for WDS Participation
IOS APs (1100, 1200) can function in three roles within SWAN:
Primary WDS
Backup WDS
WDS Member
AMP monitors AP WDS role and displays thi
Note: APs functioning as WDS Master or Primary WDS will no longer show up as Down is the radios are enabled.
WDS Participation
Perform these steps to configure WDS participation.
1. Log in to the AP.
2. Navigate to the W
3. Click En
4. Click Sp
able participation in SWAN Infrastructure.
ecified Discovery and enter the IP address of the Primary WDS device (AP or WLSM).
5. Enter the Us
ireless Services > AP page.
ername and Password for the WLSE server.
s information on AP Monitoring page.
Primary or Secondary WDS
Perform these steps to configure primary or secondary functions for WDS.
1. Navigate to the W
68 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
ireless Services > WDS > General Setup page.
2. If the AP is the Primary or Backup WDS, select Use the AP as Wireless Domain Services.
Select Priority (set 200 for Primary, 100 for Secondary).
Configure the Wireless Network Manager (configure the IP address of WLSE).
3. If the AP is Member Only, leave all options unchecked.
4. Navigate to the S
ecurity > Server Manager page.
5. Enter the IP address and Shared Secret
6. Click the Ap
7. Navigate to the W
ply button.
ireless Services > WDS > Server Group page.
for the ACS server.
8. Enter the WDS Group of AP.
9. Select the ACS server in
10. Click the Ap
ply button.
the Priority 1 drop- down menu.
Configuring ACS for WDS Authentication
ACS authenticates all components of the WDS and must be configured first. Perform these steps to make this
configuration.
1. Login to the ACS.
2. Navigate to the Sy
3. Install a New Certificate by clicking the Instal
certificate was previously installed.
4. Click the Use
5. Enter the Us
6. Enter the Password th
7. Navigate to the Netwo
stem Configuration > ACS Certificate Setup page.
l New Certificate button, or skip to the next step if the
r Setup button in the left frame.
ername that will be used to authenticate into the WDS and click Add/Edit button.
at will be used to authenticate into the WDS and click the Submit button.
rk Configuration > Add AAA Client page.
8. Add AP Hostn
9. Enter the Password that w
For additional and more general inf
ame, AP IP Address, and Community String (for the key).
ill be used to authenticate into the WDS and click the Submit button.
ormation about ACS, refer to “Configuring ACS Servers” on page71.
Configuring Cisco WLSE Rogue Scanning
The AMP Setup > WLSE page allows AWMS to integrate with the Cisco Wireless LAN Solution Engine
(WLSE). AWMS can discover APs and gather rogue scanning data from the Cisco WLSE.
Figure 33 illustrates and itemizes the AWMS settings for communication that is en
WLSE.
Figure 33 AMP Setu
p > WLSE > Add WLSE Page Illustration
abled between AWMS and
Perform the following steps for optional
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 69
configuration of AWMS for support of Cisco WLSE rogue scanning.
1. To add a Cisco WLSE server to AWMS, navigate to the AMP Setup > WLSE page and click Add.
Complete the fields in this page. Table 33 describes the settings and default values.
Table 33 AMP Setup >
WLSE Fields and Default Values
Setting Default Description
Hostname/IP Address None Designates the IP address or DNS Hostname for the WLSE server, which
Protocol HTTP Specifies the protocol to be used when polling the WLSE.
Port 1741 Defines the port AWMS uses to communicate with the WLSE server
Username None Defines the username AWMS uses to communicate
Password None Defines the password AWMS uses to commu
Poll for AP Discovery; Poll for
Rogue Discovery
Yes Sets the method by which AWMS uses WLSE to poll for discovery of new
must already be configured on the Cisco WLSE server.
.
The username and password must be configured the same way on the
WLSE server and on AWMS.
The user needs permission to display faults to discover rogues and
inventory API (XML API) to
Cisco limitation, only credentials with alphanumeric characters (that have
only letters and numbers, not other symbols) allow AWMS to pull the
necessary XML APIs.
The username and password must be configured the same way on the
WLSE server and on AWMS.
As derived from a Cisco limitation, only credentials with alphanumeric
ch
aracters (that have only letters and numbers, not other symbols) allow
AWMS to pull the necessary XML APIs.
APs
and/or new rogue devices on the network.
discover manageable APs. As derived from a
with the WLSE server.
nicate with the WLSE server.
Last Contacted None Displays the last time AWMS was able to contact the WLSE server.
Polling Period 10 minutes Determines how frequently AWMS polls WLSE to gather rogue scanning
2. After you have completed all fields, click the Save button. AWMS
da
ta.
is now configured to gather rogue
information from WLSE rogue scans. As a result of this configuration, any rogues found by WLSE appear on
the RAPIDS > Rogue page.
What Next?
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
70 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Configuring ACS Servers
This is an optional configuration. The AMP Setup > ACS page allows AWMS to poll one or more Cisco ACS
servers for wireless username information. When you specify an ACS server, AWMS gathers information about
your networks wireless users. Refer to the “Configuring TACACS+ and RADIUS Aut
section if you want to use your ACS
server to manage your AWMS users.
Perform these steps to configure ACS servers:
hentication” on page62
1. Navigate to the AM
P Setup > ACS page. This page displays current ACS information, as illustrated in Figure
34.
Figure 34
2. Click Add
AMP Setup > ACS Page Illustration
to create a new ACS server, or click a pencil icon to edit an existing server. To delete an ACS server,
select that server and click Delete. When clicking Add or edit, the Details page appears, as illustrated in
Figure 35.
Figure 35
AMP Setup > ACS > Add/Edit Details Page Illustration
3. Complete the settings on the AMP
Table 34 AMP
Setup > ACS > Add/Edit Details Fields and Default Values
Setup > ACS > Add/Edit Details page. Table 34 describes these fields:
Field Default Description
IP/Hostname None Sets the DNS name or the IP address of the ACS Server.
Protocol HTTP Launches a drop-down menu specifying the pr
the ACS server.
Port 2002 Sets the port through which AWMS
AWMS generally communicates via SNMP traps
Username None Sets the Username of the account AWMS uses to poll the ACS
Password None Sets the password of the account AWMS uses to poll the ACS
Polling Period 10 min Launches a drop-down menu that specifies how fre
server for username information.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 71
communicates with the ACS.
otocol AWMS uses when it polls
on port 162.
server.
server.
quently AWMS polls the ACS
4. Click Add to finish creating the new ACS server, or click Save to finish editing an existing ACS server.
5. The ACS server must have logging enabled for passed authenticat
ions. To configure your ACS server to log
the required information, you must enable the Log to CSV Passed Authentications report option, as follows:
Log in to the ACS server, select System Configuration, then in the Select frame, click the Logging link.
Under Enable Logging, click the CSV Passed Authentications link. The default logging options function
and support AWMS. These include the two columns AWMS requires: User-Name and Caller-ID.
What Next?
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
72 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Integrating AWMS with an Existing Network Management Solution (NMS)
This is an optional configuration. The AMP Setup > NMS configuration page allows AWMS to integrate with
other Network Management Solution (NMS) consoles. This configuration enables advanced and interoperable
functionality as follows:
AWMS can forward WLAN-related SNMP traps to the NMS, or AWMS can send SNMPv1 or SNMPv2 traps
to the NMS.
AWMS can be used in conjunction with Hewlett-Packard’s ProCurve Manager.
The necessary files for either type of NMS interoperability are downloaded from the AMP Setup > NMS page
as follows. For additional information, contact Dell support.
Perform these steps to configure NMS
1. Navigate to the AMP Set
Figure 36 AMP Setu
2. Click Ad
information described in Table 35:
Figure 37 AMP Setup >
d to integrate a new NMS server, or click the pencil icon to edit an existing NMS server. Provide the
up > NMS page, illustrated in Figure 36.
p > NMS Integration Page Illustration
NMS Integration Add/Edit Page Illustration
support in AWMS:
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 73
Table 35 AMP Setup >
NMS Integration Add/Edit Fields and Default Values
Setting Default Description
Hostname None Cites the DNS name or the IP address of the NMS.
Port 162 Sets the port AWMS uses to communicate with the NMS.
NOTE: AWMS generally communicates via SNMP traps on port 162.
Community String None Sets the community string used to communicate with the NMS.
SNMP Version v2C Sets the SNMP version of the traps sent to the Host.
Enabled Ye s Enables or disables trap logging to the specified NMS.
Send Configuration
T
raps
Yes Enables NMS servers to transmit SNMP configuration traps.
3. The NMS Integration Add/Edit page includes the Netcool/OMNIbus Integration link. The IBM Tivoli
Netcool/OMNIbus operations management software enables automated event correlation and additional
features resulting in optimized network uptime. Click this link for additional information, specifications, and
brief instructions for installation with AWMS.
4. The NM
S Integration Add/Edit page includes the HP ProCurve Manager Integration link. Click this link for
additional information, zip file download, and brief instructions for installation with AWMS. Click Add on
this page to finish creating the NMS server, or click Save to complete configuration of an existing NMS server.
What Next?
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
Auditing PCI Compliance on the Network
This section describes PCI requirements and auditing functions in AWMS, with the following topics:
Introduction to PCI Requirements
PCI Auditing in the AWMS Interface
Enabling or Disabling PCI Auditing
Introduction to PCI Requirements
AWMS supports wide security standards and functions in the wireless network. One component of network
security is the optional deployment of Payment Card Industry (PCI) Auditing.
The Payment Card Industry (PCI) Data Security Standard (DSS)
cardholder data is protected in a wireless network. AWMS supports PCI requirements according to the standards
and specifications set forth by the following authority:
Payment Card Industry (PCI) Data Security Standard (DSS)
PCI Security Standards Council Website
https://www.pcisecuritysta
PCI Quick Reference Guide, Version 1.2 (October 2008)
ndards.org
https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.p
74 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
establishes multiple levels in which payment
df
PCI Auditing in the AWMS Interface
PCI Auditing in AWMS allows you to monitor, audit, and demonstrate PCI compliance on the network. There
are five primary pages in which you establish, monitor, and access PCI auditing, as follows:
The AMP Setup > PCI Compliance page enables or disables PCI Compliance monitoring on the network,
and displays the current compliance status on the network. See “Enabling or Disabling PCI Auditing” on
page76.
The Reports > Definitions page allows you to create custom-configured and custom-scheduled PCI
Compliance reports. See “Reports > Definitions Pa
The Reports > Generated page lists PCI Compliance reports currently available, and allows you to generate
the latest daily version of the PCI Compliance Report with a single click. Refer to “Reports > Generated Page
Overview” on page26
The APs/Devices > PCI Compliance page enables you to analyze PCI Compliance for any specific device on
3.
the network. This page is accessible when you select a specific device from the APs/Devices > Monitor page.
First, you must enable this function through AMP Setup. See “Enabling or Disabling PCI Auditing” on
page76.
The PCI Compliance Report offers additional information. Refer to “Using the PCI Compliance Report” on
page281. This report not only contains Pass
required to resolve a Fail status when
Note: When any PCI requirement is enabled on AWMS, then AWMS grades the network as pass or fail for the respective PCI
requirement. Whenever a PCI requirement is not enabled in AWMS, then AWMS does not monitor the network’s status in relation
to that requirement, and cannot designate Pass or Fail network status. AWMS servers without a RAPIDS license and users without
RAPIDS enabled will not see the 11.1 PCI requirements in the PCI Compliance Report.
sufficient information is available.
ge Overview” on page261.
or Fail status for each PCI requirement, but cites the action
Table 36 PCI Requirements and Support in AWMS
PCI Requirement Description
1.1 Monitoring configuration standards for network firewall devices
When Enabled:
A device fails Requirement 1.1 if there are mismatches between the desir
configuration on the device.
When Disabled: When this PCI requirement is disa
configurations are not checked for PCI compliance in firewall configuration, and Pass or Fail status is
not reported nor monitored.
1.2.3 Monitoring firewall installation between any wire
When Enabled:
When Disabled:
are not checked for PCI compliance.
2.1 Monitoring the presence of vendor-supplied
When Enabled:
passwords are changed prior to a device’s presence and operation in the network.
A device fails requirement 2.1 if the username, passwords
to communicate with the device are on a list of forbidden default credentials. The list includes common
vendor default passwords, for example.
When Disabled: When this PCI requirement is disa
default settings are not checked for PCI compliance.
PCI Requirement 1.1 establishes firewall and router configuration standards.
bled in AWMS, firewall router and device
less networks and the cardholder data environment
A device passes requirement 1.2.3 if it can function as a stateful firewall.
When this PCI requirement is disabled in AWMS, firewall router and device installation
default security settings
PCI Requirement 2 establishes the standard in which all vendor-supplied default
or SNMP credentials being used by AWMS
bled in AWMS, device passwords and other vendor
ed configuration and the
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 75
Table 36 PCI Requirements and Support in AWMS
PCI Requirement Description
2.1.1 Changing vendor-supplied defaults for wireless environments
When Enabled:
settings are on a list of forbidden values that AWMS establishes and tracks. The list includes common
vendor default passwords. The user can input new values to achieve compliance.
When Disabled: When this PCI requirement is disa
checked for forbidden information and PCI Compliance is not established.
4.1.1 Using strong encryption in wireless networks
When Enabled:
encrypted prior to transmission across open public networks. PCI disallows WEP encryption as an
approved encryption method after June 20, 2010. A device fails requirement 4.1.1 if the desired or actual
configuration reflect that WEP is enabled on the network, or if associated users can connect with WEP.
When Disabled: When this PCI mo
a pass or fail status with regard to PCI encryption requirements on the network.
11.4 Using intrusion-detection or intrusion-prevention systems to monitor all traffic
When Enabled:
events. Recent IDS events are summarized in the PCI Compliance report or the IDS Report.
When Disabled: When this fu
compliant intrusion detection or prevention systems, nor can it report Pass or Fail status with regard to
IDS events.
A device fails requirement 2.1.1 if the passphrases, SSIDs, or other security-related
bled in AWMS, then network devices are not
PCI Requirement 4 establishes the standard by which payment cardholder data is
nitoring function is disabled in AWMS, then AWMS cannot establish
AWMS reports pass or fail status when monitoring devices capable of reporting IDS
nction is disabled, then AWMS does not monitor the presence of PCI-
Enabling or Disabling PCI Auditing
Perform these steps to verify status and to enable or disable AWMS support for PCI 1.2 requirements. enabling
one or all PCI standards on AWMS enables real-time information and generated reports that advise on Pass or
Fail status. The PCI auditing supported in AWMS is reported in Table 36.
1. To determine what PCI Compliance standards are enabl
AMP Setup > PCI Compliance page,
Figure 38 AMP Setup >
PCI Compliance Page Illustration
2. To enable, disable, or edit any categor
illustrated in Figure 38.
y of PCI Compliance monitoring in AWMS, click the pencil icon next
ed or disabled on AWMS, navigate to the
to the compliance category you wish to change. The Default Credential Compliance page displays for the
respective PCI standard.
3. Create changes as required. Specific credentials can be cited in the Forbidden Credentials section o
page to enforce PCI requirements in AWMS. Figure 39 illustrates one example.
f any Edit
76 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Figure 39 Default Credential Compliance for PCI Requirements
4. Click Save to retain t
5. To view and monitor PCI auditing
Running, and Emailing Reports” . In addition, you can view the real-time
he settings. The PCI Compliance page should reflect changes on the next viewing.
on the network, use generated or daily reports. See Chapter 9, “Creating,
PCI auditing of any given device
online. Perform these steps:
a. Navigate to the APs/Devic
es > List page, click a specific device, and the Monitor page for that device
displays. The Monitor page displays a Compliance page in the menu bar.
b. Click the Co
mpliance page to view complete PCI compliance auditing for that specific device.
What Next?
For additional information about configuring WLAN Gateways or WLAN controllers such as BlueSocket,
ReefEdge, or ProCurve wireless gateways, refer to “Third-Party Security Integration for AWMS” on page305.
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document.
Dell support remains available to you for any phase of AWMS installation.
Deploying WMS Offload
Overview of WMS Offload in AWMS
This section describes the Dell PowerConnect W Wireless LAN Management Server (WMS) offload
infrastructure. WMS Offload is supported with the followin
g two requirements:
ArubaOS Version 2.5.4 or later
AWMS Version 6.0 or later
The Dell Po
werConnect W WMS feature is an enterprise-level hardware device and server architecture with
managing software for security and network policy. There are three primary components of the WMS
deployment:
Air Monitor AP devices establish and monitor RF activity on the network.
The WMS server manages devices and network activity, to include rogue AP detection and enforcement of
network policy.
The AWMS graphical user interface (GUI) allows users to access and use the Dell PowerConnect W WMS
functionality.
In AWMS Version 6.1 and Version 6.2, WMS Offload
is the ability to offload the WMS server data and GUI
functions into AWMS. WMS master controllers provide this data so that AWMS can support rigorous network
monitoring capabilities. Additional support for WMS Offload continues with newer versions of AWMS.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring AWMS | 77
General Configuration Tasks Supporting WMS Offload in AWMS
WMS Offload must be enabled with a six-fold process and related configuration tasks, as follows:
1. Configure WLAN switches for o
Disable debugging.
Ensure AWMS server is a trap receiver host.
Ensure proper traps are enabled.
2. Configure AWMS to optimal
Enable WMS offload.
Configure SNMP communication.
Create a proper policy for monitoring Dell PowerConnect W infrastructure.
Discover the infrastructure.
ptimal AWMS monitoring.
ly monitor the Dell PowerConnect W infrastructure.
3. Configure device classification.
Set up rogue classification.
Set up rogue classification override.
Establish user classification override devices.
4. Deploy Dell PowerConnect W-specific m
Enable remote AP and wired network monitoring.
View controller license information.
5. Convert existing floor plans to VisualRF
MMS
onitoring features.
, to include the following elements:
AOS
RF Plan
6. Use RTLS for increasing location accuracy
Enable RTLS service on the AWMS server.
Enable RTLS on Dell PowerConnect W Infrastructure.
(optional).
Additional Information Supporting WMS Offload
For additional information, including detailed concepts, configuration procedures, restrictions, Dell
PowerConnect W infrastructure, and AWMS version differences in support of WMS Offload, refer to the Dell
PowerConnect W Dell Best Practices Guide.
78 | Configuring AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Chapter 4
Configuring and Using Device Groups in AWMS
This chapter describes the deployment of device groups within AWMS. The section below describes the pages or
focused sub-menus available on the Groups tab. Note that the available sub-menus can vary significantly from
one device group to another—one or more sub-menus may not appear, depending on the default group display
option selected on the AMP Setup > General page and the types of devices you add to AMP.
List—This page is the default page in the Groups section of AWMS. This page lists all groups currently
configured in AWMS and provides the foundation for all group-level configurations. See “Viewing All
Defined Device Groups” on page81. In the case of WLAN switches and conf
Configuration Guide.
Monitor—This page displays user and bandwidth information, lists devices in a given group, provides an Alert
Summary table for monitoring alerts for the group, and provides a detailed Audit Log for device-level activity
in a given group. Several procedures in this chapter cite the Groups > Monitor page.
Note: The Incidents portion of the Alert Summary table only increments the counter for incidents that are open and associated to
an AP. The incidents are based on the Top folder on the Groups > Monitor page and on the Home > Overview page. Incidents that
are not related to devices in that folder are not counted in this Alert Summary. To view all incidents, including those not associated
to an AP, navigate to the Helpdesk > Incidents page.
iguration, refer also to the Aruba
Basic—This sub-menu page appears when you create a new group with the Add button on the Groups > List
page. Once you define a group name, AWMS displays the Basic page from which you configure many grouplevel settings. This page remains available for any device group configured in AWMS.
Refer to “Configuring Basic Group Settings” on page83.
Templates—This page manages templates for any device group. Templates allow you to manage the
configuration of Dell PowerConnect W, 3Com, Alcatel-Lucent, Aruba Networks, Cisco Aironet IOS,
Enterasys, HP, Hirschmann, LANCOM, Nomadix, Nortel, Symbol and Trapeze devices in a given group using
a configuration file. Variables in such templates configure device-specific properties, such as name, IP address
and channel. Variables also define group-level properties. For additional information about using the
Templates page, refer to Chapter 6, “Creating and Using Templates” on page17
Security—This page defines general security settings for device groups, to include TACACS+, RADIUS,
encryption, and additional security settings on devices. Refer to “Configuring Group Security Sett
5.
ings” on
page91.
SSIDs—This page sets SSIDs, VLANs, and related parameters in device groups. Refer to “Configuring Group
SSIDs and VLANs” on page94.
AAA Servers—This page configures authentication, authorization, and accounting settings in support of
TACACS+ and RADIUS servers for device groups. Refer to “Adding and Configuring Group AAA Servers” on
page98.
Radio—This page defines general 802.11 radio settings for device groups. Refer to “Configuring Radio
Settings for Device Groups” on page100.
Dell PowerConnect W Configuration—This page manages Dell PowerConnect W Device Groups, AP
Overrides, and other profiles specific to Dell PowerConnect W devices on the network. Use this page in
combination with the Device Setup > Dell PowerConnect W Configuration page. For additional
information, refer to the Dell PowerConnect W Configuration Guide.
Cisco WLC Config—This page consolidates controller-level settings from the Group Radio, Security, SSIDs,
Cisco WLC Radio and AAA Server pages into one navigation tree that is easier to navigate, and has familiar
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 79
layout and terminology. Bulk configuration for per-thin AP settings, previously configured on the Group
LWAPP APs tab, can now be performed from Modify Devices on the APs/Devices List page. Refer to
“Configuring Cisco Controller
PTMP/WiMAX—This page defines settings specific to Proxim MP devices when present. Refer to
“Configuring Group PTMP/WiMAX
Proxim Mesh—This page defines mesh AP settings specific to Proxim devices when present. Refer to
Settings” on page110.
Settings” on page112.
“Configuring Proxim Mesh Radio Settings” on page116.
MAC ACL—This page defines MAC-specific settings that apply to Proxim, Cisco Vxworks, Symbol, Intel and
Procurve520 devices when present. Refer to “Configuring Group MAC Access
Firmware—This page manages firmware files for many devices. “Specifying Minimum Firmware Versions for
APs in a Group” on page11
Compare—This page allows you to compare line item-settings between two device groups. On the Groups >
9.
Control Lists” on page118.
List page, click Compare Two Groups, select the two groups from the drop-down menus, then click
Compare. The Compare page allows you to edit any line-item configuration for either of the two groups you
compare. “Comparing Device Groups” on
page120.
This chapter also provides the following additiona
“Deleting a Group” on page121
“Changing Multiple Group Configurations” on page121
“Modifying Multiple Devices” on page122
“Using Global Groups for Group Configuration” on page125
l procedures for group-level configurations:
AWMS Group Overview
Enterprise APs, controllers, routers, and switches are complex devices with hundreds of variable settings that
must be configured precisely to achieve optimal performance and network security. Configuring all settings on
each device individually is time consuming and error prone. AWMS addresses this challenge by automating the
processes of device configuration and compliance auditing. At the core of this approach is the concept of groups,
with the following functions and benefits:
AWMS allows certain settings to be managed efficiently at a "Group level" while others are managed at an
"individual device level."
AWMS defines a group as a subset of the devices on the wireless LAN, ranging in size from one device to
hundreds of devices that share certain common configuration settings.
Groups may be defined based on geography (such as “5th Floor APs”), usage or security policies (such as
“Guest Access APs”), function (such as “Manufacturing APs”), or any other variable appropriate for your
business needs.
Devices within a group may be from different vendors or hardware models—the core requirement and benefit
of this approach is that all devices within a group share certain basic configuration settings.
Typical group configuration variables
include basic settings (SSID, SNMP polling interval, and so forth), security
settings (VLANs, WEP, 802.1x, ACLs, and so forth), and some radio settings (data rates, fragmentation
threshold, RTS threshold, DTIM, preamble, and so forth). When configuration changes are applied at a group
level, they are assigned automatically to every device within that group. Such changes must be applied with every
device in Managed mode. Monitor mode is the more common mode.
Individual device settings—such as device name, RF channel selection, RF transm
ission power, antenna settings,
and so forth—typically cannot and should not be managed at a group level and must be configured individually to
achieve optimal performance. Individual AP settings are configured on the APs/Devices > Manage page.
With AWMS, you can create as many dif
ferent groups as required. AWMS users usually establish groups that
range in size from five to 100 wireless devices.
80 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Group configuration can be enhanced with the AWMS Global Groups feature; this feature allows you to create
global groups with master configurations that are pushed to individual subscriber groups. More information is
available in page 125 as well as the section on the “Supporting AWMS Stations with the Master Console” on
page239.
Viewing All Defined Device Groups
To display a list of all groups that have been defined in AWMS, browse to the Groups > List page, illustrated in
Figure 40. Table 37 describes the contents and
functions of this page.
Figure 40 Groups
Table 37 Groups
> List Page Illustration
> List Page Fields and Default Values
Column Description
Add New Group Launches a page that enables you to add a new group by name and to define group parameters for
devices in that group. For additional information, refer to “Configuring Basic Group Settings” on page83.
Manage
(wrench icon)
Name Displays a user-defined name that uniquely identifies the group by location, vendor, department or any
The wrench icon for any existing group provides a hyperlink to the Groups >
begin editing Group configuration settings for that group.
other identifier (such as "Accounting APs," "Floor 1 APs," "Cisco devices," "802.1x APs," and so forth).
Basic configuration page to
Is Global Group Identifies whether or not the group has
subscriber groups. Global groups cannot contain APs and are visible by users of any role.
Global Group Displays the global group to which the
SSID Column represents the Service Set Identifier (SSID) assign
Total Devices Column represents the total number of devices contained in the gr
and routers or switches.
Down Column represents the number of access points within the group
no longer associated to a controller. Note that thin APs are not directly polled with SNMP, but are polled
through the controller. That controller may report that the thin AP is down or is no longer on the controller.
At this point, AWMS classifies the device as down.
Mismatched Column represents the number of access points or wireless
mismatched state.
Ignored Column displays the number of ignored devices in that group.
Users Column represents the number of mobile users associated with all
avoid double counting of users, users are only listed in the group of the AP with which they are
associated. Note that device groups with only controllers in them report no users.
BW (kbps) Column represents a running average of the sum of
been identified as a global group that can be used to configure
group is subscribed, if any.
ed to all devices within the group.
controllers within the group that are in a
bytes in and bytes out for the managed radio page.
oup, including APs, wireless controllers
that are not reachable via SNMP or are
access points within the group. To
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 81
Table 37 Groups > List Page Fields and Default Values (Con tin ue d)
Column Description
Up/Down Status
Polling Period
Duplicate Column represents a hyperlink, and the link creates a new group with the name Copy of <Group Name>
Note: When you first configure AWMS, there is only one default group labeled Access Points. If you have no other groups
configured, refer to “Configuring Basic Group Settings” on page83.
Column represents the time between Up/Down SNMP polling periods for each device in the group.
Detailed SNMP polling period information is available on the Groups > Basic configuration page. Note that
by default, most polling intervals do not match the up/down period.
with
the same group configuration.
Editing Columns on the Groups > List Page and Additional Pages
Perform the following steps to edit the columns that appear on the Groups > List page. All additional list and
reports pages in AWMS Version 7.0 and later allow you to edit the presence and sequence of columns in this
manner:
1. Above the list or report, click Edit Columns. The supported columns appear in a popu
in Figure 41:
Figure 41 Edit Columns Illust
ration for the Groups > List Page
p window, as illustrated
2. To remove one or more columns from the G
roups > List page, click to remove the check mark from the
associated checkbox.
3. To change the sequence in which columns ap
pear on the Groups > List page, place your cursor over the drag-
and-drop icon, left click, move the column to the new position, and release.
4. Click Save to retain your settings. The G
The following pages include columns abl
Home > Search (results)
Helpdesk > Incidents
Groups > List
Groups > Monitor
Groups > Cisco WLC Config
APs/Devices > List
APs/Devices > New
APs/Devices > Up
APs/Devices > Down
APs/Devices > Mismatched
82 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
roups > List page displays your changes.
e to be edited for data display:
APs/Devices > Ignored
Users > Connected
Users > All
Users > Guest Users
Users > Tags
Reports > Generated
Reports > Definitions (defining report setup)
Device Setup > Discover
Device Setup > Aruba Configuration (and several additional pages in this section)
AMP Setup > NMS
AMP Setup > RADIUS Accounting
RAPIDS > Rogue APs
RAPIDS > Score Override
Configuring Basic Group Settings
The first default device group that AWMS sets up is the Access Points group, but you can use this procedure to
add and configure any device group. Perform these steps to configure basic group settings, then continue to
additional procedures to define additional settings as required.
1. Navigate to the Gr
2. To create a new group, click Add. Enter a gro
To edit an existing device group, click the manage (wrench)
oups > List page. Existing device groups appear on this page.
up name and click Add. The Group > Basic page appears.
icon next to the group. The Group > Basic page
appears. If you hover your cursor over an existing group’s manage (wrench) icon, a popup menu appears after
a moment, and allows you to click Basic, Templates, Security, SSIDs, AAA Servers, or Radio to edit those
pages as desired.
Figure 42 illustrates the Gr
contains. This page may change over t
oups > Basic page. Page content differs according to the devices that a group
ime as you add or remove devices from the group.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 83
Figure 42 Groups > Basic Page Illustration
3. Define the settings in the Ba
default values of this Basi
84 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
sic and Global Group sections. Table 38 describes several typical settings and
c section.
Table 38 Basic an
d Global Group Fields and Default Values
Setting Default Description
Name Defined when
Missed SNMP
Poll Threshold
Regulatory
Domain
Timezone AMP System
Allow One-toOne NAT for
Groups
Audit
Configuration on
Devices
Global Groups No When enabled, this field allows you to define th
first adding the
group
1 Sets the number of Up/Down SNMP polls that must be missed before
United States Sets the regulatory domain in AWMS, limiting the
Tim e
No Allows AWMS to talk to the devices on a different IP ad
Yes Auditing and pushing of configuration to devices can be disabled on all th
Displays or changes the group name. As desired, use this field to set the user-definable
name to uniquely identify the group by location, vendor, department, or any other
identifier (such as “Accounting APs,” “Floor 1 APs,” “Cisco devices,” “802.1x APs,” and
so forth).
device to be down. The number of SNMP retries and the SNMP timeout of a poll can be
set on the Device Setup > Communication page.
group.
Allows group configuration changes to be scheduled relative to the time zone in which
the devices are located. This setting is used for scheduling group-level configuration
changes.
the device.
NOTE: If ena
page under the Settings area is different than the IP Address under the Device
Communication area.
the group. Once disabled, all the devices in the groups will not be counted towards
mismatched devices.
Refer also to “Using Global Groups for Group Configur
bled, the LAN IP Address listed on the AP/Devices > Manage configuration
AWMS considers a
selectable channels for APs in the
dress than the one configured on
e devices in
e device group to be a global group.
ation” on page125.
4. Complete the SNMP Polling Periods section. The information in this section overrides default settings.
Table 39 describes the SNMP polling settings.
Table 39 SNMP Polling Period Fields and Default Values
Setting Default Description
Up/Down Status Polling
Period
Override Polling Period for
Other Services
User Data Polling Period 5 minutes Sets time between SNMP polls for User Data
Thin AP Discovery Polling
Peri
od
Device-to-Device link Polling
Peri
od
Device Bandwidth Polling
Peri
od
802.11 Counters Polling Period 5 minutes Sets time between SNMP polls for 802.11 Co
5 minutes Sets time between Up/Down SNMP polling for each device in the group.
The Group SNMP Polling Interval overrides the global parameter configured on
the Device Setup
initial polling interval of 5 minutes for most networks.
No Radio button enables or disables
select Yes for this field, then the other settings in the SNMP Polling Periods
section are activated, and you can override default values.
5 minutes Sets time between SNMP polls for Thin AP Device Discovery. Controllers are the
only devices affected by this polling interval.
5 minutes Sets time between SNMP polls for Device-to-Device link polling. Mesh APs are
the only devices affected by this polling interval.
5 minutes Sets the interval at which AWMS polls for the bandwidth being used by a device.
> Communication configuration page. Aruba recommends an
overriding the base SNMP Polling Period. If you
for devices in the group.
unter information.
Rogue AP and Device
Locatio
n Data Polling Period
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 85
5 minutes Sets time between SNMP polls for Rogue AP and Device Location Data polling.
Table 39 SNMP Polling Period Fields and Default Values (Continued)
Setting Default Description
CDP Neighbor Data Polling
Period
30 minutes Sets the frequency in which this group polls the network for Cisco Discovery
Protocol (CDP) neighbors.
5. Record additional information and comments about the group in the Notes section.
6. To configure which options and tabs
are visible for the group, complete the settings in the Group Display
Options section. Table 40 describes the settings and default values.
Table 40 Group Display Options Fields and Default Values
Setting Default Description
Show device
settings for:
Only Devices on
this AMP
Drop-down menu determines which Group tabs and options are to be viewable by
default in new groups.
Settings include the following:
All Devices—AWMS displays all Group tabs and setting options.
Only Devices in this group—AWMS hides all options and tabs that do not apply to
the devices in the group. If you use this setting, then to get the group list to display
the correct SSIDs for the group, you must perform a Save and Apply action on the
group.
Only Devices on this AMP—AWMS hides all options and tabs that do not apply to
the APs and devices currently on AWMS.
Use system defaults—Use the default settings defined on the AWMS configuration
page
Selected device types—Allows the user to specify the device types for which
AWMS displays Group settings.
Selected Device
Types
Disabled If you chose to display selected device types, then this option appears, allowing you to
select the device types for which AWMS displays group settings. Click Select devices in
this group for a quick way to display only devices in the current group being configured.
7. To assign dynamically a range of static IP addresses to new devices as they are added into the group, locate the
Au
tomatic Static IP Assignment section on the Groups > Basic configuration page. If you select Yes in this
section, additional fields appear. Complete these fields as required. Table 41 describes the settings and
default values.
Table 41 Automatic Static IP Assignment Fields and Default Values
Setting Default Description
Assign Static IP
Addresses to
Devices
Start IP Address Blank Sets the first address AWMS assigns to the
Number of
Addresses
Subnet Mask Blank Sets the subnet mask to be assigned to the devices in the Group.
Subnet Gateway Blank Sets the gateway to be assigned to the devices in the Group.
Next IP Address Blank Defines the next IP address queued for assignment. Th
No Enables AWMS to statically assign IP addresses from a specified range to all devices in
Blank Sets the number of addresses in the pool fro
the Group.
devices in the Group.
m which AWMS can assign IP addresses.
is field is disabled for the initial
Access Points group.
86 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
8. To configure Spanning Tree Protocol on WLSE devices and Proxim APs, locate the Spanning Tree Protocol
section on the Groups > Basic configuration page. Adjust these settings as required. Table 42 describes the
settings and default values.
Table 42 Sp
anning Tree Protocol Fields and Default Values
Setting Default Description
Spanning Tree
Protocol
Bridge Priority 32768 Sets the priority for the AP. Values range from 0 to 65535. Lowe
Bridge Maximum
Age
Bridge Hello Time 2 Sets the time, in seconds, between Hello message broadcasts.
Bridge Forward
Delay
9. To configure NTP settings locate
the settings and default values.
Table 43 NTP Fields and Default Values
No Enables or disables Spanning Tree Protocol on WLSE devices and Proxim APs.
The lowest value is the root of the spanning tree. If all devices are at default the device with
the lowest MAC address will become the root.
20 Sets the maximum time, in seconds, tha
supported range is from 6 to 40.
15 Sets the time, in seconds, that the port spends in
tree has changed.
t the device stores protocol information. The
listening and learning mode if the spanning
the NTP section and adjust these settings as required. Table 43 describes
Setting Default Description
r values have higher priority.
NTP Server #1,2,3 None Sets the IP address of the NTP server that is to be configured on the AP.
UTC Time Zone 0 Sets the hour offset from UTC time to local time
and logs use the time set on the AWMS server.
Daylight Saving
Time
No Enables or disables the advanced daylight saving time settings in the Proxim and HP
ProCurve 420 sections of the Groups > Basic configuration page.
10. To configure settings specific to Cisco IOS/VxWorks, locate the Ci
for the AP. Times displayed in AWMS graphs
sco IOS/VxWorks section and adjust these
settings as required. Table 44 describes the settings and default values.
Table 44 Cisco IOS/VxWorks Fields and Default Values
Setting Default Description
Cisco IOS SNMP
Version
Cisco IOS CLI
Communication
Cisco IOS Config File
Communication
Track Usernames on
Cisco Aironet
VxW
orks APs
2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to
the AP.
Te ln e t Sets the protocol AWMS uses to communicate with Cisco
uses the secure shell for command line page (CLI) communication. Selecting Telnet
sends the data in clear text via Telnet.
TFTP Sets the protocol AWMS uses to communicate with
uses the secure copy protocol for file transfers. Selecting TFTP will use the insecure
trivial file transfer protocol. The SCP login and password should be entered in the
Telnet username and password fields.
No Configures VxWorks APs to send SNMP packets to AWMS.
IOS devices. Selecting SSH
Cisco IOS devices. Selecting SCP
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 87
11. To configure settings specific to Cisco WLC, locate the Cisco WLC section and adjust these settings as
required. Table 45 describes the settings and default values.
Table 45 Cisco WLC F
ields and Default Values
Setting Default Description
SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to
CLI Communication Te l ne t Sets the protocol AWMS uses to communicate with Cisco IOS devices. Selecting SSH
Note: When configuring Cisco WLC controllers, refer also to “Configuring Wireless Parameters for Cisco Controllers” on
page110.
12. To configure Proxim/Avaya specific settings locate the Proxim/A
required. Table 46 describes the settings and default values.
Table 46 Proxim/Avaya Fields and Default Values
WLC controllers.
uses the secure shell for command line page (CLI) communication. Selecting Telnet
sends the data in clear text via Telnet.
vaya section and adjust these settings as
Setting Default Description
SNMP Version 1 Drop-down menu specifies the version of SNMP used by AWMS to communicate to the
AP.
Enable DNS
Client
Primary DNS
server
Secondary DNS
server
Default DNS
omains
d
HTTP Server Port 80 AWMS sets this port as the HTTP server
Country Code United States Configures AWMS to derive its time settin
13. To configure HP ProCurve 420 specific settings, locate the HP ProCurve 420 se
as required. Table 47 describes the settings
No Enables the DNS client on the AP. Enabling the DNS client allows you to set some values
on the AP by hostname instead of IP address. If you select Yes for this setting, additional
DNS fields display.
Blank Sets the IP address of the Pr
Blank Sets the IP address of the Secondary DNS server.
Blank Sets the default DNS domain used by the AP.
specified in this field.
imary DNS server.
port on all Proxim APs in the group.
gs based on the country of location, as
ction and adjust these settings
and default values.
Table 47 HP ProCurve 420 Fields and Default Values
Setting Default Description
SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to the
AP.
ProCurve XL/ZWeSM CLI
Communication
88 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Te ln e t Sets the protocol AWMS uses to communicate with
Selecting SSH will use the secure shell for command line page (CLI) communication.
Selecting telnet will send the data in clear text via telnet.
ProCurve XLWeSM devices.
Table 47 HP ProCurve 420 Fields and Default Values
Setting Default Description
SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to the
AP.
Note: DST Start Month, Start Day, End Month and End Day are only visible if Daylight Saving Time is enabled in the NTP section of
the Groups > Basic configuration page.
14. To configure Symbol or Intel-specific settings, locate the Symbol/Intel section and adjust these settings as
required. Table 48 describes the settings and default values of this section.
Table 48 Symbol/Intel Fields and Default Values
Setting Default Description
SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to the
device.
Symbol/Intel Client
Inactivity Timeout
(3-60
0 min)
Symbol Controller
CLI Communication
Web Config
Interface
15. To configure settings specific to Del
these settings as required. Table 49 describes the settings and default
3 Sets the minutes of inactivity after which a client associated to an Intel or Symbol AP will
be considered "inactive." A lower value typically provides a more accurate representation
of current WLAN usage.
NOTE: For
are no longer associated to an AP.
Te ln e t Select which connection type is to support the command-line interface (CLI) connection.
The options are Telnet and secure shell (SSH). This is supported for WS5100 and RFS7000
devices only.
Yes Enables or disables the http/htt
devices.
other APs, AWMS has more precise methods to determine when inactive clients
ps configuration page for the Symbol 4131 and Intel 2011
l PowerConnect W, locate the Dell PowerConnect W section and adjust
values of this section.
Table 49 Dell PowerConnect W Fields and Default Values
Setting Default Description
SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to the AP.
Offload Dell
PowerConnect W
WMS data
base
No Configures commands previously documented in the Dell PowerConnect W AirWave Best
Practices Guide. See the current Best Practices guide for more information about this
feature. When enabled, this feature allows AWMS to display historical information for WLAN
switches.
Changing the setting to Ye
mode without rebooting the controller. The command can be pushed to controllers in manage
mode (also without rebooting the controller) if the Allow WMS Offload setting on the AWMS
configuration page is changed to Yes.
s pushes commands via SSH to all WLAN switches in Monitor Only
Dell PowerConnect
W GUI
Config
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 89
Yes Enables or disables AWMS support for the Dell PowerConnect W configuration interface.
This setting relates to the Device Setup > Dell PowerConnect W Configuration page and all
related operations. For additional information, refer to the Dell PowerConnect W
Configuration Guide.
16. To configure settings for 3Com, Enterasys, Nortel, or Trapeze devices, locate the 3Com/Enterasys/Nortel/
Trapeze section and adjust these settings as required. Table 50 describes the settings and default values of this
section.
Table 50 3
Com/Enterasys/Nortel/Trapeze Fields and Default Values
Setting Default Description
SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to the AP.
17. To configure support for routers and switche
s in the Access Points group, locate the Routers and Switches
section and adjust these settings as required. This section defines the frequency in which all devices in the
Access Points group poll for IP routing information. This can be disabled entirely as desired. Table 51
describes the settings and default
values of this section.
Table 51 Routers and Switches Fields and Default Values
Setting Default Description
Read ARP Table 4 hours Sets the frequency in which devices poll routers and switches for Address Resolution
Read CDP Table for
Device Discovery
Read Bridge
Forwarding T
able
4 hours Sets the frequency in which devices poll routers and switches for
4 hours Sets the frequency in which devices poll the network for bridge forwarding information. This
Protocol (ARP) table information. This setting can be disabled, or set to poll for ARP
information in a range from every 15 seconds to 12 hours.
Cisco Discovery Protocol
(CDP) information. This setting can be disabled, or set to poll for CDP neighbor information in
a range from every 15 seconds to 12 hours.
setting can be disabled, or set to poll bridge forwarding tables from switches in a range from
every 15 seconds to 12 hours.
Interface Polling
Peri
od
18. To configure settings for universal d
5 minutes Sets the frequency in which network interfaces are polled. This setting can be disabled, or set
to poll bridge forwarding tables from switches in a range from every 15 seconds to 12 hours.
evices on the network, including routers and switches that support both
wired and wireless networks, locate the Universal Devices, Routers and Switches section of the Groups >
Basic page and define the version of SNMP to be supported.
Table 52 Universal Devices, Routers and Switches Fields and Default Values
Setting Default Description
SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate with
19. Click Save when the configurations of
settings, but without pushing these settings to all devices in the Access Points group. Save is a good option if
you intend to make additional device changes in the Access Points group, and wish to wait until all
configurations are complete before you push all configurations at one time.
Click Save and
Apply to save and push these configurations to devices immediately in the Access Points
group, or click Revert to return to the most recently saved settings.
universal devices on the network.
the Groups > Basic configuration page are complete to retain these
What Next?
Continue to additional sections in this chapter to create new groups or to edit existing groups.
Once general group-level configurations are
complete, continue to later chapters in this document to add or edit
additional device-level configurations and to use several additional AWMS functions.
90 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Configuring Group Security Settings
The Groups > Security page allows you to set security policies for APs in a device group. Perform these steps.
1. Select the device group for which to def
2. Select the Groups > Security page. Some
ine security settings from the Groups > List page.
controls on this page interact with additional AWMS pages. Figure
43 illustrates this page and Table 53 explains the fields and default values.
Figure 43 Group
s > Security Page Illustration
Table 53 Group
s > Security Page Fields and Default Values
Setting Default Description
VLANs Section
VLAN Tagging and Multiple
IDs
SS
Management VLAN ID Untagged This setting sets the ID for the manageme
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 91
Enabled This field enables support for VLANs and multiple SSIDs on the wireless network. If
this setting is enabled, define additional VLANs and SSIDs on the Groups > SSIDs
page. Refer to “Configuring Group SSIDs and VLANs” on page94.
nt VLAN when VLANs are enabled in
AWMS. This setting is supported only for the following devices:
Proxim AP-600, AP-700, AP-2000, AP-4000
Avaya AP-3, Avaya AP-7, AP-4/5/6, AP-8
ProCurve520WL; ProCurve420
Enterasys AP3000
Table 53 Groups > Security Page Fields and Default Values (Continued)
Setting Default Description
Permit RADIUS-Assigned
Dynamic VLANs
VLAN ID Format Hex This setting defines the naming convention for VLANs to be supported in AWMS.
Ethernet Untagged VLAN ID
(1-40
94)
General Section
Create Closed Network No If enabled, the APs in the Group do not broadcast their SSIDs.
Block All Inter-client
Communication
EAP Options Section
WEP Key Rotation Interval 300 Sets the frequency at which the Wired Equivalent Privacy (WEP) keys are rotated in
Session Key Refresh Rate 0 Sets the frequency at which the general session key is refreshed in the device
No This setting enables dynamic VLANs to be assigned by the RADIUS server. This
setting is supported only for HP ProCurve 420.
The supported naming formats are ASCII and Hexadecimal.
1 This field defines the VLAN that will use untagged Ethernet. The VLAN must be a
number between 1 and 4094, and defines the untagged VLAN ID for the RoamAbout
AP3000.
NOTE: Arub
intruders to detect your wireless network.
No If enabled, this setting blocks client devices associated with an AP from
communicating with other client devices on the wireless network.
NOTE: This option may
Forwarding), which can be useful for enhanced security on public wireless
networks.
the device group being configured. The supported range is from 0 to 10,000,000
seconds.
gr
oup being configured. The supported range is from 1 to 40 minutes. This setting is
supported only for HP ProCurve 420.
a recommends creating a closed network to make it more difficult for
also be identified as PSPF (Publicly Secure Packet
Session Timeout 0 Sets the time at which the session times out fo
The supported range is from 0 to 65,535 seconds. This setting is supported only for
HP ProCurve 420.
Cisco TKIP No Sets the device group to use the Cisco Temporal Key Inte
enabled, TKIP provides per-packet key mixing, a message integrity check and a rekeying mechanism, thus fixing the flaws of WEP.
NOTE: TKIP
Cisco MIC Disabled Sets the device group to use the Cisco Message Integrity
MMH encryption enables this function.
If enabled, Message Integrity Check (MIC) adds several bytes per packet to make it
more
RADIUS Authentication Servers Section
RADIUS Authentication
Server #1
Authentication Profile
Na
Authentication Profile
Index
RADIUS Accounting Servers Section
RADIUS Accounting Server
#1 -
- #4
me
#4
Not selected Defines one or more RADIUS Authentication servers to be supported in this device
group. Select up to four RADIUS authentication servers from the four drop-down
menus.
AMPDefined
Server #1
1 For Proxim devices only, this field sets the name of the authentication
Not selected Defines one or more RADIUS Accounting servers to be supported in this device
For Proxim devices only, this field sets the name of the authentication profile to be
supported in this device group.
to be supported in this device group.
group. Select up to four RADIUS accounting servers from the four drop-down
menus.
can only be enabled when EAP-based security is used.
difficult to tamper with the packets.
r the device group being configured.
grity Protocol (TKIP). If
Check (MIC). Selecting
profile index
92 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Table 53 Groups > Security Page Fields and Default Values (Continued)
Setting Default Description
Authentication Profile
Name
Authentication Profile
Index
Accounting For Proxim devices only, this field sets the name of the accounting profile to be
supported in this device group.
3 For Proxim devices only, this field sets the name of the accounting profile index to
be supported in this device group.
MAC Address Authentication Section
MAC Address
Authentication
No If enabled, only MAC addresses known to the RADIUS server are permitted to
asso
ciate to APs in the Group.
MAC Address Format Single Dash Allows selection of the format for MAC addresses used in RADIUS authentication
and accounting requests:
Dash Delimited: xx-xx-xx-xx-xx-xx (default)
Colon Delimited: xx:xx:xx:xx:xx:xx
Single-Dash: xxxxxx-xxxxxx
No Delimiter: xxxxxxxxxxxx
This option is supported only for Proxim AP-600, AP-700, AP-2000
, AP-4000, Avaya
AP3/4/5/6/7/8, HP ProCurve 520WL, ProCurve 420 v2.1.0 and higher.
Authorization Lifetime 1800 Sets the amount of time a user can be connected before reauthorization is required.
The supported range is from 900 to 43,200 seconds.
Primary RADIUS Server
Reattempt Period
0 Specifies the time (in minutes) that the AP awaits responses from the primary
RADIUS server before communicating with the secondary RADIUS server, and so
forth
3. Click Save to retain these Security configurations for the group, click Save and Apply to retain and push these
configurations, or click Revert to return to the last saved security settings for this group.
4. Continue with additional security-r
elated procedures in this document for additional TACACS+, RADIUS,
and SSID settings for device groups, as required.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 93
Configuring Group SSIDs and VLANs
The Groups > SSIDs configuration page allows you to create and edit SSIDs and VLANs that apply to a device
group. Perform these steps to create or edit VLANs and to set SSIDs.
Note: WLANs that are supported from one or more Cisco WLC controllers can be configured on the Groups > Cisco WLC Config
page.
Figure 44 illustrates an example of the Groups > SSID
Figure 44 Groups
Note: AWMS reports users by radio and by SSID. Graphs on the AP and controller monitoring pages have check boxes that
display bandwidth in and out based on SSID. Furthermore, AWMS reports can also be run and filtered by SSID. There is an option
on the AMP Setup > General page to age out SSIDs and their associated graphical data; by default, this is set to 365 days.
> SSIDs Page Illustration
s page.
Note: Multiple VLANs and SSIDs are supported only on Cisco access points.
1. Navigate to the Gr
oups > List page and select the group for which to define SSIDs/VLANs by clicking the
group name. Alternatively, click Add to create a new group, define a group name. In either case, the Groups >
Monitor page appears.
2. Select the Groups
and VLANs that are currently configured
> SSIDs configuration page. Table 54 describes the information that appears for SSIDs
for the device group.
Table 54 Groups > SSIDs Fields and Descriptions
Field
SSID Displays the SSID associated with the VLAN.
VLAN ID Identifies the number of the primary
unencrypted packets can pass between the AP and the switch.
Name Displays the name of the VLAN.
Encryption Mode Displays the encryption on the VLAN.
First or Second Radio Enabled Checkbox enables the VLAN, SSID and Encryption Mode on the radio
control.
VLAN SSID on which encrypted or
94 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Table 54 Groups > SSIDs Fields and Descriptions
Field
First or Second Radio Primary Specifies which VLAN to be used as the primary VLAN. A primary VLAN is
required.
NOTE: If you
which the APs broadcast an SSID, the Primary SSID is the one that is
broadcast.
Native VLAN Selects this VLAN to be the native VLAN. Native VLANs are untagged and
typically
be set. Some AP types do not require a native VLAN. For those APs, you need
to create a dummy VLAN, disable it on both radio controls and ensure that it
has the highest VLAN ID.
3. Click Add to create a new SSID or VLAN, or click the pencil icon next to an existing SSID/VLAN to edit that
existing SSID or VLAN. The Add SSID/VLAN configuration page appears as illustrated in Figure 45 and
explained in Table 55.
create an Open network (see Create Closed Network below) in
used for management traffic only. AWMS requires a Native VLAN to
Figure 45 Group
4. Locate the SS
s > SSIDs > Add SSID/VLAN Page Illustration
ID/VLAN section on the Groups > SSIDS configuration page and adjust these settings as
required. This section encompasses the basic VLAN configuration. Table 55 describes the settings and default
values.
Table 55 Groups > SSIDs > SSID/VLAN Section Fields and Default Values
Setting Default Description
Specify Interface Name Ye s Enables or disables an interface name for the VLAN interface.
Selecting No for this option displays the Enable VLAN Tagging option.
Interface None Sets the interface to support
SSID None Sets the Service Set Identifier (SSID),
identifier attached to the header of packets sent over a WLAN. It acts as a
password when a mobile device tries to connect to the network through the
AP, and a device is not permitted to join the network unless it can provide the
unique SSID.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 95
the SSID/VLAN combination.
which is a 32-character user-defined
Table 55 Groups > SSIDs > SSID/VLAN Section Fields and Default Values (Continued)
Setting Default Description
Name None Sets a user-definable name associated with SSID/VLAN combination.
VLAN ID None Indicates the number of the
VLAN designated as the Native VLAN, typically for
management purposes
Service Priority
(Cisco VxWorks only)
Maximum Allowed
Asso
ciations (0-2007)
None Identifies the delivery priority which packets receive on the VLAN/SSID
(VxWorks only).
255 Indicates the maximum number of mobile users which can associate with the
specified VLAN/SSID.
NOTE: 0 means unlimited for Cisco and none for Colubris.
Broadcast SSID (Proxim
on
ly)
No For specific devices as cited, this setting enables the AP to broadcast the
SSID for the specified VLAN/SSID. This setting works in conjunction with the
Create Closed Network setting on the Groups> Security configuration page.
Proxim devices support a maximum of four SSIDs.
Partial Closed System
(Proxim only)
Unique Beacon
(Proxim only)
Block All Inter-client
Communication
NOTE: This option should be enabled to ensure suppor
No For Proxim only, this setting enables to AP to
send its SSID in every beacon,
but it does not respond to any probe requests.
No For Proxim only, if more than one SSID is enabled, this option enables them to
be sent in separate beacons.
Yes For Colubris only, this setting blocks communication between client devices
based on SSID.
t of legacy users.
5. Locate the Encryption area on the Groups > SSIDs page and adjust these settings as required. Table 56
describes the settings and default values.
Table 56 Groups > SSIDs > Encryption Section Fields and Default Values
Setting Default Description
Encryption Mode No Encryption Drop-down menu determines the level of encryption required for devices to associate
6. Locate the EAP
Options area on the Groups > SSIDS page, and complete the settings.
Table 57 describes the settings and default values.
to the APs. The drop-down menu options are as follows. Each option displays
additional encryption settings that must be defined. Complete the associated settings
for any encryption type chosen:
Optional WEP—Wired Equivalent Privacy, not PCI compliant as of 2010
Require WEP—Wired Equivalent Privacy, not PCI compliant as of 2010
Require 802.1x—This encryption type is based on the WEP algorithm.
Require Leap—Lightweight Extensible Authentication Protocol
802.1x+WEP—Combines the two encryption types shown
LEAP+WEP—Combines the two encryption types shown
Static CKIP—Cisco Key Integrity Protocol
WPA—Wi-Fi Protected Access protocol
WPA/PSK—Combines WPA with Pre-Shared Key encryption
WPA2—Wi-Fi Protected Access 2 encryption
WPA2/PSK—Combines the two encryption methods shown
96 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Table 57 Groups > SSIDs
> EAP Options Section Fields and Default Values
Setting Default Description
WEP Key Rotation
Interval (seconds)
Cisco TKIP No If enabled, Cisco Temporal Key Integrity Protocol (TKIP) provides per-packet key
Cisco MIC Disabled If enabled, Cisco Message Integrity Check (MIC)
120 Time (in seconds) between WEP key rotation on the AP.
mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of
WEP.
NOTE: TKIP
make it more difficult to tamper with the packets.
can only be enabled when EAP-based security is used.
adds several bytes per packet to
7. Locate the RADIUS Authentication Servers area on the Groups > SSIDS configuration page and define the
settings. Table 58 describes the settings and default values.
Table 58 Groups > SSIDs > RADIUS Authentication Servers Fields and Default Values
Setting Default Description
RADIUS
Authentication Server
1-3
(Colubris,
ProCurve420, Proxim
only)
Authentication Profile
ame (Proxim Only)
N
None Drop-down menu to select RADIUS Authentication servers previously entered on
the Group > RADIUS configuration page. These RADIUS servers dictate how
wireless clients authenticate onto the network.
None Sets the Authentication Profile Name for Proxim AP-600, AP-700, AP-2000, AP-4000,
Avaya AP3/4/5/6/7/8 and HP ProCurve 520WL APs.
Authentication Profile
Index (Proxim Only)
8. Click Save when the security settings and
Note: You may need to return to the Security configuration page to configure or reconfigure RADIUS servers.
9. Locate the R
None Sets the Authentication Profile Index for Proxim AP-600, AP-700, AP-2000, AP-4000,
Avaya AP3/4/5/6/7/8 and HP ProCurve 520WL APs.
configurations in this procedure are complete.
ADIUS Accounting Servers area on the Groups > SSIDS configuration page and define the
settings. Table 59 describes the settings and default values.
Table 59 Groups > SSIDs > Radius Accounting Servers Fields and Default Values
Setting Default Description
RADIUS Accounting Server
1-3 (Proxim Only)
Accounting Profile Name
(Prox
im Only)
Accounting Profile Index
(Prox
im Only)
None Pull-down menu selects RADIUS Accounting servers previously entered on
the Group > RADIUS configuration page. These RADIUS servers dictate where
the AP sends RADIUS Accounting packets for this SSID/VLAN.
None Sets the Accounting Profile Name for Proxim AP-600, AP-700, AP-2000, AP-
4000, Avaya AP3/4/5/6/7/8 and HP ProCurve 520WL APs.
None Sets the Accounting Profile Index for Proxim AP-600, AP-700, AP-2000, AP-
4000, Avaya AP3/4/5/6/7/8 and HP ProCurve 520WL APs.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 97
10. Click Save to retain these Security configurations for the group, click Save and Apply to retain and push these
configurations, or click Revert to return to the last saved security settings for this group.
11. Continue with additional security-r
and SSID settings for device groups, as required.
elated procedures in this document for additional TACACS+, RADIUS,
Adding and Configuring Group AAA Servers
Configure RADIUS servers on the Group > AAA Servers page. TACACS+ servers are configured as a part of
Cisco WLC configuration, In that case, refer to “Configuring Security Paramete
rs and Functions” on page110.
Once defined on this page, RADIUS servers are
and Groups > SSIDs configuration pages. Perform these steps to create RADIUS servers.
Note: TACACS+ servers are configurable only for Cisco WLC devices. Refer to “Configuring Wireless Parameters for Cisco
Controllers” on page110.
1. Navigate to the G
name. Alternatively, click Add from the Groups > List page to create a new group, define a group name. In
either case, the Monitor page appears.
2. Select the AAA Serv
and Figure 47 illustrate this page for
Figure 46 Groups > AA
roups > List page and select the group for which to define AAA servers by clicking the group
ers page. The AAA Servers page appears, enabling you to add a RADIUS server. Figure 46
AAA RADIUS Servers:
A Servers Page Illustration
selectable in the drop-down menus on the Groups > Security
3. To add a RADIUS server or edit an existing server,
corresponding pencil icon to edit an existing server. Table 60 describes the settings and default values of the
Add/Edit pa
Figure 47 Add
98 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
ge.
ing a RADIUS Server Page Illustration
click the Add New RADIUS Server button or click the
Table 60 Ad
ding a RADIUS Server Fields and Default Values
Setting Default Description
Hostname/IP Address None Sets the IP Address or DNS name for RADIUS Server.
NOTE: IP Address is req
uired for Proxim/ORiNOCO and Cisco Aironet IOS APs.
Secret and Confirm
Secret
Authentication No Sets the RADIUS server to
Authorization Port 1812 Sets the port used for communication between the
Accounting No Sets the RADIUS server to perform accoun
Accounting Port No Sets the port used for communication between the
Timeout (Seconds) None Sets the time (in seconds) that the access point waits for
Max Retries
(0-20)
None Sets the shared secret that is used to establish
RADIUS server.
NOTE: The sha
server.
None Sets the number of times a RADIUS request is resent to a RADIUS server before failing.
NOTE: If a RADIUS server is not
increasing the number of retries.
red secret entered in AWMS must match the shared secret on the server.
perform authentication when this setting is enabled with Yes .
responding or appears to be responding slowly, consider
communication between AWMS and the
AP and the RADIUS server.
ting functions when enabled with Yes.
AP and the RADIUS server.
a response from the RADIUS
4. Click Add to complete the creation of the RADIUS server, or click Save if editing an existing RADIUS server.
The Groups > AAA Servers page displays this new or edited server. You can now reference this server on the
Groups > Security page.
AWMS supports reports for subsequent
RADIUS Authentication. These are viewable by clicking Reports >
Generated, scrolling to the bottom of the page, and clicking Latest RADIUS Authentication Issues Report.
Note: AWMS first checks its own database prior to checking the RADIUS server database.
5. To make additional RADIUS configurations for dev
ice groups, use the Groups > Security page, and refer to
“Configuring Group Security Settings” on page91.
Dell PowerConnect W AirWave 7.1 | User Guide Configuring and Using Device Groups in AWMS | 99
Configuring Radio Settings for Device Groups
The Groups > Radio configuration page allows you to specify detailed RF-related settings for devices in a
particular group.
Note: If you have existing deployed devices, you may want to use the current RF settings on those devices as a guide for
configuring the settings in your default Group.
Perform the following steps to define RF-related radio settings
1. Navigate to the Gr
group name. Alternatively, click Add from the Groups > List page to create a new group, define a group
name. In either case, the Monitor page appears.
2. Navigate to the Group
Figure 48 Groups
oups > List page and select the group for which to define radio settings by clicking the
s > Radio page. Figure 48 illustrates this page.
> Radio Page Illustration
for groups.
100 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.1 | User Guide
Loading...